These are the devices that lost Internet access because of the Let's Encrypt certificate

Today, September 30, the IdenTrust root certificate expired. This certificate was used to sign the Let's Encrypt certificate (ISRG Root X1), which is controlled by the community and provides certificates free of charge to everyone.

This signature ensured that Let's Encrypt certificates were trusted across a wide range of devices, operating systems and browsers while Let's Encrypt's own root certificate was being integrated into root certificate stores.

It was originally planned that after DST Root CA X3 expired, the Let's Encrypt project would switch to generating signatures using only its own certificate, but such a step could lead to a loss of compatibility with many older systems that have not done so. In particular, around 30% of Android devices in use have no data on the Let's Encrypt root certificate, support for which appeared only as of the Android 7.1.1 platform, released at the end of 2016.

Let's Encrypt did not plan to enter into a new cross-signature agreement, since this places additional responsibility on the parties to the agreement, deprives them of independence, and ties their hands in having to comply with all the procedures and rules of another certificate authority.

But because of potential problems on a large number of Android devices, the plan was revised. A new agreement was signed with the IdenTrust certificate authority, under which an alternative cross-signed intermediate certificate was created. The cross-signature will be valid for three years and will maintain compatibility with Android devices starting from version 2.3.6.

However, the new intermediate certificate does not cover many other legacy systems. For example, after the DST Root CA X3 certificate expires (today, September 30), Let's Encrypt certificates will no longer be accepted on unsupported firmware and operating systems, where, to ensure trust in Let's Encrypt certificates, you will need to manually add the ISRG Root X1 certificate to the root certificate store. Problems will appear in:

  • OpenSSL up to and including branch 1.0.2 (maintenance of branch 1.0.2 was discontinued in December 2019)
  • NSS <3.26
  • Java 8 <8u141, Java 7 <7u151
  • Windows
  • macOS <10.12.1
  • iOS <10 (iPhone <5)
  • Android <2.3.6
  • Mozilla Firefox <50
  • Ubuntu <16.04
  • Debian <8

In the case of OpenSSL 1.0.2, the problem is caused by a bug that prevents cross-signed certificates from being handled correctly when one of the root certificates involved in the signing expires, even though other valid chains of trust remain.

The problem first surfaced last year after the expiration of the AddTrust certificate used to cross-sign the certificates of the Sectigo (Comodo) certificate authority. The heart of the problem is that OpenSSL parsed the certificate as a linear chain, whereas according to RFC 4158 a certificate may represent a directed distributed graph with different trust anchors that must be taken into account.

Users of older distributions based on OpenSSL 1.0.2 are offered three workarounds to solve the problem:

  • Manually remove the IdenTrust DST Root CA X3 root certificate and install the standalone ISRG Root X1 root certificate (without the cross-signature).
  • Specify the "-trusted_first" option when running the openssl verify and s_client commands.
  • Use a certificate on the server that is certified by the standalone ISRG Root X1 certificate without the cross-signature. This method will lead to a loss of compatibility with older Android clients.
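The path-building difference behind the OpenSSL 1.0.2 failure and the three workarounds above can be reproduced with a small model. This is an added example, not OpenSSL's code or anything from the original article: it is a simplified simulation, and the host name, the `R3` intermediate name and all dates are constructed for illustration.

```python
from datetime import date

TODAY = date(2021, 10, 1)  # constructed "now": the day after the root expired

# Constructed certificates as (subject, issuer, not_after); dates illustrative.
LEAF = ("example.org", "R3", date(2021, 12, 1))
R3 = ("R3", "ISRG Root X1", date(2025, 9, 15))
X1_CROSS = ("ISRG Root X1", "DST Root CA X3", date(2024, 9, 30))
X1_SELF = ("ISRG Root X1", "ISRG Root X1", date(2035, 6, 4))
DST_X3 = ("DST Root CA X3", "DST Root CA X3", date(2021, 9, 30))
SERVER_CHAIN = [LEAF, R3, X1_CROSS]  # leaf plus intermediates sent by the server


def find(certs, subject):
    return next((c for c in certs if c[0] == subject), None)


def build_path(chain, store, trusted_first=False):
    """Follow issuer names from the leaf to a certificate in the trust store."""
    path = [chain[0]]
    while True:
        issuer = path[-1][1]
        anchor, nxt = find(store, issuer), find(chain[1:], issuer)
        # Default order prefers the server-sent issuer; trusted_first prefers the store.
        if anchor and (trusted_first or nxt is None):
            return path + [anchor]
        if nxt is None or nxt in path:
            break
        path.append(nxt)
    while len(path) > 1:  # served chain hit no anchor: back off and retry
        path.pop()
        anchor = find(store, path[-1][1])
        if anchor:
            return path + [anchor]
    return None


def verify(chain, store, trusted_first=False, today=TODAY):
    """Return (ok, subjects on the path). An expired anchor fails the whole path."""
    path = build_path(chain, store, trusted_first)
    ok = path is not None and all(c[2] >= today for c in path)
    return ok, [c[0] for c in path or []]


if __name__ == "__main__":
    both = [DST_X3, X1_SELF]
    print("default order      ", verify(SERVER_CHAIN, both))
    print("-trusted_first     ", verify(SERVER_CHAIN, both, trusted_first=True))
    print("expired root removed", verify(SERVER_CHAIN, [X1_SELF]))
    print("server omits cross ", verify([LEAF, R3], both))
```

In the default order the path ends at the expired DST Root CA X3 and is rejected even though a valid ISRG Root X1 anchor sits in the same store; each of the three workarounds makes the builder stop at ISRG Root X1 instead.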

In addition, the Let's Encrypt project has passed the milestone of two billion certificates. The previous milestone was reached in February of last year. Every day 2.2-2.4 million new certificates are generated. The number of active certificates is 192 million (a certificate is valid for three months), covering 260 million domains (a year ago it covered 195 million domains, two years ago 150 million, three years ago 60 million).

According to statistics from the Firefox Telemetry service, the global share of page requests over HTTPS is 82% (one year ago it was 81%, two years ago 77%, three years ago 69%, four years ago 58%).

Source: https://scotthelme.co.uk/

