ICloudflare yethule amathuluzi okutholwa kokuvinjelwa kwe-HTTPS

Darkcrizt

Imizuzu ye-4

izilo-in-the-middleware @ 2x

Inkampani ICloudflare yethule umtapo wezincwadi we-mitmengine osetshenziselwe ukuthola ukutholakala komgwaqo we-HTTPS, kanye nensizakalo yewebhu yeMalcolm yokuhlaziywa okubukwayo kwedatha eqoqwe eCloudflare.

Ikhodi ibhalwe ngolimi lweGo futhi isatshalaliswa ngaphansi kwelayisense le-BSD. Ukuqapha kwe-traffic kwe-Cloudflare kusetshenziswa ithuluzi elihlongoziwe kukhombisile ukuthi cishe i-18% yokuxhuma kwe-HTTPS iyabanjwa.

Ukuqhamuka kwe-HTTPS

Ezimweni eziningi, Ithrafikhi ye-HTTPS iyabanjwa ohlangothini lweklayenti ngenxa yomsebenzi wezinhlelo zokusebenza ze-antivirus zasendaweni ezahlukahlukene, firewalls, izinhlelo zokulawula zabazali, i-malware (ukweba amaphasiwedi, ukufaka izikhangiso noma ukufaka ikhodi yezimayini) noma amasistimu wokuhlola omgwaqo wezinkampani.

Izinhlelo ezinjalo zengeza isitifiketi sakho se-TLS ohlwini lwezitifiketi ohlelweni lwendawo futhi bayisebenzisela ukubamba ithrafikhi yomsebenzisi evikelwe.

Izicelo zamakhasimende zidluliselwa kuseva yendawo okuyiwa kuyo egameni lesoftware yokungena, ngemuva kwalokho iklayenti liphendulwa ngaphakathi koxhumano oluhlukile lwe-HTTPS olusungulwe kusetshenziswa isitifiketi se-TLS kusuka ohlelweni lokunqamula.

Kwezinye izimo, ukubamba kuhleliwe ohlangothini lweseva lapho umnikazi wesiphakeli ehambisa ukhiye oyimfihlo kumuntu wesithathuIsibonelo, i-reverse proxy opharetha, uhlelo lokuvikela i-CDN noma i-DDoS, oluthola izicelo zesitifiketi sokuqala se-TLS bese luzithumela kuseva yokuqala.

Kunoma yikuphi, Ukuqanjwa kwe-HTTPS kubukela phansi uchungechunge lokuthembana futhi kwethula isixhumanisi esingeziwe sokuyekethisa, okuholele ekwehleni okukhulu ezingeni lokuvikelwa ukuxhumana, ngenkathi kushiya ukuvela kobukhona besivikelo futhi ngaphandle kokubangela ukusola kubasebenzisi.

Mayelana mitmengine

Ukuhlonza ukuhlukaniswa kwe-HTTPS yi-Cloudflare, kunikezwa iphakethe le-mitmengine, okuthi ukufaka kuseva futhi kuvumela ukubanjwa kwe-HTTPS ukuthi kutholakale, kanye nokunquma ukuthi iziphi izinhlelo ezisetshenziselwe ukubamba.

Ingqikithi yendlela yokunquma ukungena ngaphakathi ngokuqhathanisa izici eziqondene nesiphequluli sokucubungula kwe-TLS nesimo sangempela sokuxhuma.

Ngokuya ngesihloko se-Agent yomsebenzisi, injini inquma isiphequluli bese ihlola ukuthi izici zokuxhuma ze-TLSnjengamapharamitha we-TLS okuzenzakalelayo, izandiso ezisekelwayo, isimemezelo se-cipher suite, inqubo yokuchazwa kwe-cipher, amaqembu, namafomethi ejika le-elliptic ahambelana nalesi siphequluli.

I-database yesiginesha esetshenziselwe ukuqinisekiswa inezikhombi ezijwayelekile ezingama-500 ze-TLS zeziphequluli nezinhlelo zokubamba.

Idatha ingaqoqwa ngemodi yokwenziwa ngokuhlaziywa kokuqukethwe kwezinkambu kumlayezo weClientHello, osakazwa ngokusobala ngaphambi kokufaka isiteshi sokuxhumana esibethelwe.

I-TShark evela ku-Wireshark 3 analyzer yenethiwekhi isetshenziselwa ukuthwebula ithrafikhi.

Iphrojekthi ye-mitmengine ibuye inikeze umtapo wezincwadi wokuhlanganisa imisebenzi yokunquma kubaphathi be-server abangenakuphikiswa.

Esimweni esilula kakhulu, kwanele ukwedlula amanani we-Agent yomsebenzisi ne-TLS ClientHello wesicelo samanje futhi umtapo wezincwadi uzonikeza ithuba lokuvinjelwa kanye nezinto ezisuselwe kusiphetho esisodwa noma kwesinye.

Ngokuya ngezibalo zethrafikhi kudlula inethiwekhi yokulethwa kokuqukethwe kwe-Cloudflare, okuyi icubungula cishe i-10% yalo lonke ithrafikhi ye-Intanethi, kwethulwa insiza yewebhu ekhombisa ushintsho ekunqandeni okuguquguqukayo ngosuku.

Isibonelo, enyangeni eyedlule, ukungenelela kwaqoshwa ngamakhompiyutha ayi-13.27%, ngoMashi 19, isibalo sasingu-17.53%, kwathi ngoMashi 13 safinyelela esicongweni esingu-19.02%.

Ukuqhathanisa

Injini yokuqhamuka edume kakhulu uhlelo lokuhlunga lweSymantec Bluecoat, olwenza u-94.53% wazo zonke izicelo zokunqanda ukukhonjwa.

Lokhu kulandelwa ngummeleli obuyela emuva we-Akamai (4.57%), i-Forcepoint (0.54%) kanye neBarracuda (0.32%).

Iningi lama-antivirus kanye nezinhlelo zokulawula zabazali azifakwanga kusampula lama-interceptors akhonjiwe, ngoba bekungakaqoqwa amasiginesha anele ukukhonjwa kwawo ngqo.

Ku-52,35% wamacala, ithrafikhi yezinguqulo zedeskithophu zeziphequluli ziye zabanjwa kwathi ku-45,44% yeziphequluli zamadivayisi weselula.

Ngokuya ngezinhlelo zokusebenza, izibalo zimi kanje: I-Android (35.22%), iWindows 10 (22.23%), iWindows 7 (13.13%), i-iOS (11.88%), ezinye izinhlelo ezisebenzayo (17.54%).

Umthombo: https://blog.cloudflare.com


Shiya umbono wakho

Ikheli lakho le ngeke ishicilelwe. Ezidingekayo ibhalwe nge *

*

*

  1. Ubhekele imininingwane: Miguel Ángel Gatón
  2. Inhloso yedatha: Lawula Ugaxekile, ukuphathwa kwamazwana.
  3. Ukusemthethweni: Imvume yakho
  4. Ukuxhumana kwemininingwane: Imininingwane ngeke idluliselwe kubantu besithathu ngaphandle kwesibopho esisemthethweni.
  5. Isitoreji sedatha: Idatabase ebanjwe yi-Occentus Networks (EU)
  6. Amalungelo: Nganoma yisiphi isikhathi ungakhawulela, uthole futhi ususe imininingwane yakho.