From HTTP to HTTPS: Understanding TLS, SSL and Encrypted Communication in Mylinking™ Network Packet Brokers

Security is no longer optional; it is a required course for everyone who works with Internet technology. HTTP, HTTPS, SSL, TLS - do you really understand what is going on behind the scenes? In this article we explain the core logic of modern encrypted communication protocols in terms that are both accessible and professional, and help you understand the secrets "behind the lock" with a visual flow chart.

Why is HTTP "insecure"? --- Introduction

Remember that familiar browser warning?

"Your connection is not secure."

"Your connection is not private."

When a website does not deploy HTTPS, all user information travels across the network in plaintext. Your login passwords, bank card numbers, and even your private conversations can all be captured by a well-positioned attacker. The root cause is HTTP's lack of encryption.

So how do HTTPS, and the "gatekeeper" behind it, TLS, let data travel securely across the Internet? Let's break it down layer by layer.

HTTPS = HTTP + TLS/SSL --- Structure and Core Concepts

1. What is HTTPS in essence?

HTTPS (HyperText Transfer Protocol Secure) = HTTP + encryption layer (TLS/SSL)
○ HTTP: Responsible for transporting the data, but the content is visible in plaintext.
○ TLS/SSL: Provides the "lock and encryption" for HTTP communication, turning the data into a puzzle that only the legitimate sender and receiver can solve.


Figure 1: HTTP vs HTTPS data flow.

The "lock" in the browser address bar is the TLS/SSL security indicator.

2. What is the relationship between TLS and SSL?

○ SSL (Secure Sockets Layer): The earliest cryptographic protocol, which has been found to have serious vulnerabilities.

○ TLS (Transport Layer Security): The successor to SSL. TLS 1.2 and the more advanced TLS 1.3 offer significant improvements in security and performance.

Today, an "SSL certificate" is in practice deployed with the TLS protocol; the SSL name has simply carried over.

Deep into TLS: The Cryptographic Magic Behind HTTPS

1. The handshake flow, fully explained

The foundation of secure TLS communication is the handshake performed at connection setup. Let's break down the standard TLS handshake flow:


Figure 2: A typical TLS handshake flow.

1️⃣ TCP connection setup

The client (for example, a browser) initiates a TCP connection to the server (standard port 443).

2️⃣ TLS handshake phase

○ Client Hello: The browser sends its supported TLS versions, cipher suites, and a random number, along with the Server Name Indication (SNI), which tells the server which hostname it wants to reach (this is what allows one IP address to be shared across multiple sites).

○ Server Hello & Certificate: The server selects a suitable TLS version and cipher, and sends back its certificate (containing its public key) along with its own random number.

○ Certificate validation: The browser verifies the server's certificate chain all the way up to a trusted root CA to make sure it has not been forged.

○ Premaster key generation: The browser generates a premaster key, encrypts it with the server's public key, and sends it to the server. The two parties then negotiate the session key: using both parties' random numbers and the premaster key, the client and the server each compute the same symmetric session key.

○ Handshake completion: Both parties send each other a "Finished" message and enter the encrypted data transfer phase.

3️⃣ Secure data transfer

All application data is encrypted efficiently with the negotiated symmetric session key; even if it is intercepted in transit, it is just a pile of "garbled code".

4️⃣ Session resumption

TLS supports session resumption, which can improve performance by letting the same client skip the tedious handshake.

Asymmetric encryption (such as RSA) is secure but slow. Symmetric encryption is fast, but distributing the key is cumbersome. TLS uses a "two-step" strategy: first an asymmetric, secure key exchange, and then a symmetric scheme to encrypt the data efficiently.
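The Client Hello described in step 2 crosses the network before any session key exists, so the offered versions, cipher suites and SNI hostname are readable by any monitoring point on the path. The parser below is an added example, not code from the original article; the sample record is constructed by `build_sample_client_hello` (a hypothetical helper) with a placeholder hostname and a zeroed random value.

```python
import struct

def build_sample_client_hello(host: bytes) -> bytes:
    """Constructed sample (not a capture): one TLS record holding a ClientHello."""
    sni = struct.pack("!HBH", len(host) + 3, 0, len(host)) + host
    versions = bytes([4]) + bytes.fromhex("03040303")    # offers TLS 1.3 and TLS 1.2
    exts = (struct.pack("!HH", 0, len(sni)) + sni +
            struct.pack("!HH", 43, len(versions)) + versions)
    suites = bytes.fromhex("13011303c02f")               # three AEAD cipher suite IDs
    body = (b"\x03\x03" + bytes(32) + b"\x00" +          # version, zeroed random, no session id
            struct.pack("!H", len(suites)) + suites + b"\x01\x00" +
            struct.pack("!H", len(exts)) + exts)
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake

def parse_client_hello(record: bytes) -> dict:
    """Return the ClientHello fields that cross the network before encryption starts."""
    if len(record) < 9 or record[0] != 0x16 or record[5] != 0x01:
        raise ValueError("not a TLS handshake record carrying a ClientHello")
    rec_len = struct.unpack_from("!H", record, 3)[0]
    hs_len = int.from_bytes(record[6:9], "big")
    body = record[9:9 + hs_len]
    if hs_len + 4 > rec_len or len(body) != hs_len:
        raise ValueError("truncated or fragmented ClientHello")
    pos = 2 + 32                                   # skip legacy_version and random
    pos += 1 + body[pos]                           # skip session_id
    n = struct.unpack_from("!H", body, pos)[0]
    suites = [body[i:i + 2].hex() for i in range(pos + 2, pos + 2 + n, 2)]
    pos += 2 + n
    pos += 1 + body[pos]                           # skip compression methods
    out = {"sni": None, "versions": [], "cipher_suites": suites}
    if pos + 2 > len(body):                        # no extensions block present
        return out
    end = pos + 2 + struct.unpack_from("!H", body, pos)[0]
    pos += 2
    while pos + 4 <= end:
        etype, elen = struct.unpack_from("!HH", body, pos)
        data = body[pos + 4:pos + 4 + elen]
        if etype == 0:      # server_name: list_len(2) name_type(1) name_len(2) name
            name_len = struct.unpack_from("!H", data, 3)[0]
            out["sni"] = data[5:5 + name_len].decode("ascii")
        elif etype == 43:   # supported_versions: list_len(1), then 2-byte versions
            out["versions"] = [data[i:i + 2].hex() for i in range(1, 1 + data[0], 2)]
        pos += 4 + elen
    return out

if __name__ == "__main__":
    print(parse_client_hello(build_sample_client_hello(b"example.test")))
```
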

2. Algorithm evolution and security improvements

RSA and Diffie-Hellman
○ RSA
It was first used during the TLS handshake to distribute session keys securely. The client generates a session key, encrypts it with the server's public key, and sends it so that only the server can decrypt it.

○ Diffie-Hellman (DH/ECDH)
As of TLS 1.3, RSA is no longer used for key exchange, in favor of the more secure DH/ECDH algorithms, which support forward secrecy (PFS). Even if the private key is leaked, historical data still cannot be unlocked.

TLS version | Key exchange algorithm | Security
TLS 1.2     | RSA/DH/ECDH            | Higher
TLS 1.3     | DH/ECDH only           | Even higher

Practical advice that networking practitioners must master

○ Prioritize upgrading to TLS 1.3 for faster and more secure encryption;
○ Enable strong ciphers (AES-GCM, ChaCha20, etc.) and disable weak algorithms and insecure protocols (SSLv3, TLS 1.0);
○ Configure HSTS, OCSP Stapling, etc. to improve overall HTTPS protection;
○ Regularly update and review the certificate chain to ensure the validity and integrity of the chain of trust.
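One way to apply and check the protocol and cipher advice above with Python's standard `ssl` module, which also flags key exchanges that lack the forward secrecy discussed in the RSA vs Diffie-Hellman section. This is an added example, not code from the original article; the cipher string, the `audit` helper and the weak name list are this example's own assumptions.

```python
import ssl

# Cipher string is this example's choice: ECDHE key exchange with AEAD ciphers only.
STRONG_TLS12_SUITES = "ECDHE+AESGCM:ECDHE+CHACHA20"

def hardened_server_context() -> ssl.SSLContext:
    """Server-side context that follows the advice above."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2   # refuses SSLv3, TLS 1.0 and TLS 1.1
    ctx.maximum_version = ssl.TLSVersion.MAXIMUM_SUPPORTED  # TLS 1.3 when available
    ctx.set_ciphers(STRONG_TLS12_SUITES)           # governs the TLS 1.2 suites
    return ctx

def audit(min_version, cipher_names) -> list:
    """Return findings for a protocol floor and a list of OpenSSL cipher names."""
    findings = []
    if min_version < ssl.TLSVersion.TLSv1_2:
        findings.append("protocol floor is below TLS 1.2")
    for name in cipher_names:
        if name.startswith("TLS_"):                # TLS 1.3 suite name: always AEAD
            continue
        if not name.startswith(("ECDHE-", "DHE-")):
            findings.append(name + ": key exchange without forward secrecy")
        if "GCM" not in name and "CHACHA20" not in name:
            findings.append(name + ": not an AEAD cipher")
    return findings

def audit_context(ctx: ssl.SSLContext) -> list:
    """Audit the floor and the enabled suites of a live SSLContext."""
    return audit(ctx.minimum_version, [c["name"] for c in ctx.get_ciphers()])

# Constructed weak configuration for comparison (OpenSSL cipher names).
WEAK_NAMES = ["AES128-SHA", "ECDHE-RSA-AES128-SHA", "ECDHE-RSA-AES128-GCM-SHA256"]

if __name__ == "__main__":
    print(audit_context(hardened_server_context()))        # no findings expected
    print(audit(ssl.TLSVersion.MINIMUM_SUPPORTED, WEAK_NAMES))
```

HSTS and OCSP Stapling are configured at the web server or application layer and are not covered by this context check.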

Conclusion & Thoughts: Is your business really secure?

From plaintext HTTP to fully encrypted HTTPS, security requirements have evolved with every protocol upgrade. As the cornerstone of encrypted communication in modern networks, TLS keeps improving to cope with an increasingly complex attack environment.

Does your business already use HTTPS? Does your crypto configuration match industry best practices?


Post time: Jul-22-2025