Security is no longer optional; it is a required course for anyone working in Internet technology. HTTP, HTTPS, SSL, TLS - do you really understand what is going on behind the scenes? In this article we explain the core logic of modern encrypted communication protocols in both plain and professional terms, and help you understand the secrets "behind the lock" with visual flow diagrams.
Why is HTTP no longer "secure"? --- Introduction
Remember that familiar browser warning?
"Your connection is not private."
When a website does not deploy HTTPS, all user information crosses the network in plaintext. A well-positioned attacker can capture your login passwords, bank card numbers, and even your private conversations. The root cause is that HTTP has no encryption.
So how do HTTPS, and the "gatekeeper" behind it, TLS, let data travel across the Internet securely? Let's break it down layer by layer.
HTTPS = HTTP + TLS/SSL --- Structure and Core Concepts
1. What is HTTPS in essence?
HTTPS (HyperText Transfer Protocol Secure) = HTTP + encryption layer (TLS/SSL)
○ HTTP: Responsible for transporting the data, but the content is visible in plaintext.
○ TLS/SSL: Provides an "encryption lock" for HTTP communication, turning the data into a puzzle that only the legitimate sender and receiver can solve.
Figure 1: HTTP vs HTTPS data flow.
The "lock" in the browser address bar is the TLS/SSL security indicator.
2. What is the relationship between TLS and SSL?
○ SSL (Secure Sockets Layer): The earliest cryptographic protocol, which was found to have serious vulnerabilities.
○ TLS (Transport Layer Security): The successor to SSL. TLS 1.2 and the more advanced TLS 1.3 bring significant improvements in security and performance.
Today, an "SSL certificate" is simply a certificate used by the TLS protocol; the name is a holdover from SSL.
Deep into TLS: The Cryptographic Magic Behind HTTPS
1. The handshake flow, step by step
The foundation of secure TLS communication is the handshake performed at connection setup. Let's break down the standard TLS handshake flow:
Figure 2: A typical TLS handshake flow.
1️⃣ TCP Connection Setup
The client (for example, a browser) initiates a TCP connection to the server (standard port 443).
2️⃣ TLS Handshake Phase
○ Client Hello: The browser sends the TLS versions it supports, its cipher suites, and a random number, along with the Server Name Indication (SNI), which tells the server which hostname it wants to reach (this is what allows several sites to share one IP address).
○ Server Hello and Certificate: The server selects a suitable TLS version and cipher suite, and sends back its certificate (containing its public key) and its own random number.
○ Certificate validation: The browser verifies the server's certificate chain all the way up to a trusted root CA to make sure it has not been forged.
○ Premaster key generation: The browser generates a premaster key, encrypts it with the server's public key, and sends it to the server.
○ Session key negotiation: Using the random numbers from both sides and the premaster key, the client and the server each compute the same symmetric session key.
○ Handshake completion: Both sides send each other a "Finished" message and enter the encrypted data transfer phase.
3️⃣ Secure Data Transfer
All application data is encrypted efficiently with the negotiated symmetric session key. Even if it is intercepted in transit, it is only a pile of "garbled code".
4️⃣ Session Reuse
TLS supports session resumption, which can improve performance considerably by letting the same client skip the tedious full handshake.
Asymmetric encryption (such as RSA) is secure but slow. Symmetric encryption is fast, but distributing the key is cumbersome. TLS uses a "two-step" strategy: first an asymmetric, secure key exchange, then a symmetric scheme to encrypt the data efficiently.
2. Algorithm Evolution and Security Improvements
RSA and Diffie-Hellman
○ RSA
Widely used during the TLS handshake to distribute session keys securely. The client generates a session key, encrypts it with the server's public key, and sends it so that only the server can decrypt it.
○ Diffie-Hellman (DH/ECDH)
As of TLS 1.3, RSA is no longer used for key exchange, in favor of the more secure DH/ECDH algorithms, which support forward secrecy (PFS). Even if the private key is leaked, historical data still cannot be decrypted.
| TLS Version | Key Exchange Algorithm | Security |
|---|---|---|
| TLS 1.2 | RSA/DH/ECDH | Higher |
| TLS 1.3 | DH/ECDH only | Higher |
Practical Advice Every Network Engineer Should Know
○ Prioritize upgrading to TLS 1.3 for faster and more secure encryption.
○ Enable strong ciphers (AES-GCM, ChaCha20, etc.) and disable weak algorithms and insecure protocols (SSLv3, TLS 1.0);
○ Configure HSTS, OCSP Stapling, etc. to improve overall HTTPS protection;
○ Update and review the certificate chain regularly to make sure the chain of trust is valid and intact.
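One way to apply and verify the protocol and cipher advice above with Python's standard `ssl` module (an added example, not code from the original article). The function names and the cipher string are choices made for this example, and certificate loading is left out because it needs real files.

```python
import ssl

AEAD_MARKERS = ("GCM", "CHACHA20", "CCM")   # authenticated-encryption modes
FS_PREFIXES = ("ECDHE", "DHE", "TLS_")      # TLS 1.3 suites (TLS_*) always use (EC)DHE


def audit(min_version: ssl.TLSVersion, cipher_names: list[str]) -> list[str]:
    """Return findings for a minimum protocol version and a cipher-suite list."""
    findings = []
    if min_version < ssl.TLSVersion.TLSv1_2:
        findings.append(f"minimum protocol {min_version.name} is below TLS 1.2")
    for name in cipher_names:
        if not any(marker in name for marker in AEAD_MARKERS):
            findings.append(f"{name}: not an AEAD cipher")
        if not name.startswith(FS_PREFIXES):
            findings.append(f"{name}: no forward secrecy")
    return findings


def hardened_server_context() -> ssl.SSLContext:
    """Server context that refuses SSLv3/TLS 1.0/1.1 and non-AEAD suites."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    # Restricts TLS 1.2 suites; the built-in TLS 1.3 suites are AEAD already.
    ctx.set_ciphers("ECDHE+AESGCM:ECDHE+CHACHA20")
    # ctx.load_cert_chain(...) is omitted here: it needs real certificate files.
    return ctx


def audit_context(ctx: ssl.SSLContext) -> list[str]:
    """Audit the settings actually enabled on a live SSLContext."""
    return audit(ctx.minimum_version, [c["name"] for c in ctx.get_ciphers()])


if __name__ == "__main__":
    print("hardened:", audit_context(hardened_server_context()) or "no findings")
    # Constructed legacy configuration for comparison.
    for finding in audit(ssl.TLSVersion.TLSv1, ["AES128-SHA"]):
        print("legacy:", finding)
```

HSTS and OCSP Stapling are configured at the web server or application layer and are not covered by this check.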
Conclusion and Thoughts: Is your business really secure?
From plaintext HTTP to fully encrypted HTTPS, security requirements have evolved behind every protocol upgrade. As the cornerstone of encrypted communication in modern networks, TLS keeps improving to cope with an increasingly complex attack environment.
Does your business already use HTTPS? Does your cryptographic configuration conform to industry best practices?
Post time: Jul-22-2025



