Aya ndiwo marongedzero akamira kuve neinternet nekuda kweiyo Ngatinyorore chitupa

Nhasi, Gunyana 30, IdenTrust midzi chitupa cheupenyu hwapera uye ndicho chitupa ichi yaishandiswa kusaina Chitupa chaTinyorese (ISRG Root X1), inodzorwa nharaunda uye inopa zvitupa zvemahara kune vese.

Iyo femu yakasimbisa kuvimbika kweTinyore Encrypt zvitupa pane akasiyana akasiyana madhijitari, anoshanda masisitimu uye mabhurawuza nepo tichisanganisa Ngatisimbise wega mudzi chitupa mumidzi chitupa zvitoro.

Izvo zvakange zvakarongwa kuti mushure mekunge DST Root CA X3 yapera nguva, iyo Regai Encrypt chirongwa inozo shandura ichigadzira masiginecha chete chitupa chako, asi danho rakadai rinotungamira mukurasikirwa kwekuenderana ine akawanda masisitimu ekare asina. Kunyanya, kwakatenderedza 30% yezvishandiso zveApple zviri kushandiswa hazvina dhata pane Ngatinyorwe chitupa chemidzi, rutsigiro rwayo rwakaonekwa chete senge yeiyo Android 7.1.1 chikuva, chakaburitswa mukupera kwa2016.

Ngatinyorwei Encrypt haina kuronga kupinda muchibvumirano chitsva chemasaini, sezvo izvi zvichipa mutoro wakawedzera kumapato echibvumirano, anovatorera kuzvimiririra uye nekusunga maoko avo kutevedzera zvese maitirwo nemitemo yeimwe chiremera chesitifiketi.

Asi nekuda kwematambudziko anogona kuitika pane yakawanda nhamba yeApple zvishandiso, chirongwa chakadzokororwa. Chibvumirano chitsva chakasainwa neIdenTrust chitupa chiremera, pasi pacho imwe nzira Ngatinyorwe yepakati nepakati-yakasaina chitupa chakagadzirwa. Saini yemuchinjikwa ichave inoshanda kwemakore matatu uye icharamba ichienderana neApple zvishandiso kubva mushanduro 2.3.6.

Zvisinei, chitupa chitsva chepakati hachifukidze mamwe akawanda masisitimu enhaka. Semuenzaniso, mushure mekunge chitupa cheDST Root CA X3 chapera (nhasi Nyamavhuvhu 30), Ngatinyororei zvitupa hazvichazotambirwa pane isingatsigirwe firmware uye masisitimu anoshanda, ayo, kuti ave nechokwadi chekuvimba neTinyorera Zvitupa, iwe uchafanirwa kuwedzera manyore. ISRG mudzi. X1 chitupa kumidzi chitoro chitoro. Matambudziko anozozviratidza mu:

OpenSSL kumusoro uye kusanganisira bazi 1.0.2 (kugadziriswa kwebazi 1.0.2 kwakamiswa muna Zvita 2019);

  • NSS <3,26
  • Java 8 <8u141, Java 7 <7u151
  • Mahwindo
  • macOS <10.12.1
  • iOS <10 (iPhone <5)
  • Android <2.3.6
  • Mozilla Firefox <50
  • Ubuntu <16.04
  • Debian <8

Kana iri OpenSSL 1.0.2, dambudziko rinokonzerwa nekanganiso iyo inodzivirira kubata kwakakodzera kwezitifiketi kusaina-kusaina kana imwe yemidzi zvitupa zvine chekuita nekusaina ichipera, kunyangwe mamwe maketeni anoshanda ekuvimba akachengetedzwa.

Dambudziko yakatanga kubuda gore rapfuura mushure mekupererwa kwechitupa cheAddTrust inoshandiswa pakusaina-kusaina zvitupa zveSectigo (Comodo) chitupa chiremera. Mwoyo wedambudziko nderekuti OpenSSL yakaburitsa chitupa seketani ine mutsetse, nepo maererano neRFC 4158, chitupa chinogona kumiririra chati yakapihwa yakapihwa chati ine akasiyana anchor anchor anofanirwa kutariswa.

Vashandisi vekuparadzira kwekare kwakavakirwa paOpenSSL 1.0.2 vanopihwa mhinduro nhatu kugadzirisa dambudziko:

  • Nemaoko bvisa iyo IdenTrust DST Mudzi CA X3 midzi chitupa uye isa iyo yakamira ISRG Root X1 midzi chitupa (isina muchinjikwa kusaina).
  • Tsanangura iyo "-yakatendeka_kutanga" sarudzo paunenge uchimhanyisa opensl yekuongorora uye s_client mirairo.
  • Shandisa chitupa pane server icho chakasimbiswa neakazvimirira SRG Mudzi X1 midzi chitupa icho chisina kuyananiswa-kusaina (Ngatimbonyorai inopa sarudzo yekukumbira yakadaro chitupa). Iyi nzira inotungamira mukurasikirwa kwekuenderana nevatengi vekare Android vatengi.

Uye zvakare, iyo Let Encrypt chirongwa chakapfuura nhanho yezvikwereti mabhiriyoni maviri akagadzirwa. Chiitiko chikuru che bhirioni chakasvikwa muna Kukadzi wegore rapfuura. Mazuva ese 2,2-2,4 mamirioni zvitupa zvitsva zvinogadzirwa. Huwandu hwezvitupa zvinoshanda i192 miriyoni (chitupa chinoshanda kwemwedzi mitatu) uye chinofukidza madhora mazana maviri nemakumi maviri nemakumi (gore rapfuura chakafukidza 260 mamirioni masizinda, makore maviri apfuura - mamirioni zana nemakumi matatu, makore matatu apfuura - mamirioni makumi matanhatu).

Zvinoenderana nenhamba kubva kuFirefox Telemetry sevhisi, mugove wepasi rose wekukumbira peji pamusoro peHTTPS ndeye 82% (gore rimwe chete rapfuura - 81%, makore maviri apfuura - 77%, makore matatu apfuura - 69%, makore mana apfuura - 58%).

mabviro: https://scotthelme.co.uk/


Iva wekutanga kutaura

Siya yako yekutaura

Your kero e havazobvumirwi ichibudiswa. Raida minda anozivikanwa ne *

*

*

  1. Inotarisira data: AB Internet Networks 2008 SL
  2. Chinangwa cheiyo data: Kudzora SPAM, manejimendi manejimendi.
  3. Legitimation: Kubvuma kwako
  4. Kutaurirana kwedata
  5. Dhata yekuchengetedza: Dhatabhesi inobatwa neOccentus Networks (EU)
  6. Kodzero: Panguva ipi neipi iwe unogona kudzora, kupora uye kudzima ruzivo rwako