Tsaro ba zaɓi bane yanzu, amma kwas ɗin da ake buƙata ga kowane mai fasahar Intanet. HTTP, HTTPS, SSL, TLS - Shin da gaske kun fahimci abin da ke faruwa a bayan fage? A cikin wannan labarin, za mu bayyana ainihin ma'anar ka'idojin sadarwa na zamani ta hanyar da ba ta dace ba da kuma ta ƙwararru, kuma za mu taimaka muku fahimtar sirrin "bayan makullan" tare da jadawalin kwararar gani.
Me yasa HTTP ba shi da "tsaro"? --- Gabatarwa
Ka tuna da wannan gargaɗin da aka saba yi game da burauzar?
"Haɗin ku ba na sirri ba ne."
Da zarar gidan yanar gizo bai yi amfani da HTTPS ba, duk bayanan mai amfani za a rarraba su a fadin hanyar sadarwa a cikin rubutu mai sauƙi. Kalmar sirrin shiga, lambobin katin banki, har ma da tattaunawar sirri duk za a iya kama su ta hanyar mai kutse mai kyau. Babban dalilin wannan shine rashin ɓoye bayanan HTTP.
To ta yaya HTTPS, da "mai tsaron ƙofa" da ke bayansa, TLS, ke ba da damar bayanai su yi tafiya cikin aminci a Intanet? Bari mu raba shi da layi-layi.
HTTPS = HTTP + TLS/SSL --- Tsarin da Babban Manufofi
1. Menene ainihin HTTPS?
HTTPS (Tsarin Canja wurin HyperText) = Tsarin ɓoye bayanai na HTTP + (TLS/SSL)
○ HTTP: Wannan yana da alhakin jigilar bayanai, amma abubuwan da ke ciki ana iya gani a cikin rubutu mara rubutu
○ TLS/SSL: Yana samar da "kulle-kulle-kulle-kulle-kulle" don sadarwa ta HTTP, yana mai da bayanai zuwa wani wasanin gwada ilimi wanda mai aikawa da mai karɓa na gaskiya ne kawai zai iya warwarewa.
Hoto na 1: Guduwar bayanai tsakanin HTTP da HTTPS.
"Kulle" a cikin adireshin mai binciken shine alamar tsaro ta TLS/SSL.
2. Menene alaƙar da ke tsakanin TLS da SSL?
○ SSL (Layin Soket Mai Tsaro): Tsarin sirri na farko, wanda aka gano yana da rauni mai tsanani.
○ TLS (Tsaron Tsarin Sufuri): Wanda ya maye gurbin SSL, TLS 1.2 da kuma TLS 1.3 mai ci gaba, waɗanda ke ba da ci gaba mai mahimmanci a fannin tsaro da aiki.
A zamanin yau, "takaddun shaida na SSL" kawai aiwatarwa ne na yarjejeniyar TLS, wanda aka sanya wa suna kari kawai.
Cikakke cikin TLS: Sihiri Mai Sirri A Bayan HTTPS
1. An warware dukkan motsin musabaha
Tushen sadarwa mai aminci ta TLS shine rawar musafi a lokacin saitawa. Bari mu raba tsarin musafi na TLS na yau da kullun:
Hoto na 2: Gudun musabaha ta hannu ta TLS ta yau da kullun.
1️⃣ Saita Haɗin TCP
Abokin ciniki (misali, mai bincike) yana fara haɗin TCP zuwa sabar (tashar jiragen ruwa ta yau da kullun 443).
2️⃣ Lokacin Mu'amala da Hannu na TLS
○ Sannu Abokin Ciniki: Mai binciken yana aika sigar TLS mai goyan baya, ɓoye bayanai, da lambar bazuwar tare da Nunin Sunan Sabar (SNI), wanda ke gaya wa uwar garken wane sunan mai masaukin da yake son shiga (yana ba da damar raba IP a shafuka da yawa).
○ Sannu da Takaddun Shaida na Server: Sabar tana zaɓar sigar TLS da sirrin da ta dace, sannan ta mayar da takardar shaidarta (tare da maɓallan jama'a) da lambobi bazuwar.
○ Tabbatar da takardar shaida: Mai binciken yana tabbatar da sarkar takardar shaidar uwar garken har zuwa tushen CA mai aminci don tabbatar da cewa ba a ƙirƙira shi ba.
○ Samar da maɓallan Premaster: Mai binciken yana samar da maɓallan premaster, yana ɓoye shi da maɓallan jama'a na uwar garken, sannan ya aika shi zuwa uwar garken. Bangarorin biyu suna tattaunawa kan maɓallan zaman: Ta amfani da lambobin bazuwar ɓangarorin biyu da maɓallin premaster, abokin ciniki da uwar garken suna ƙididdige maɓallin zaman ɓoyewa iri ɗaya.
○ Kammala musabaha: Duk ɓangarorin biyu suna aika saƙonnin "An gama" ga junansu kuma suna shiga matakin watsa bayanai da aka ɓoye.
3️⃣ Canja wurin Bayanai Mai Tsaro
Duk bayanan sabis an ɓoye su daidai gwargwado tare da maɓallin zaman da aka tattauna yadda ya kamata, koda kuwa an katse su a tsakiya, to kawai tarin "lambar da aka gurbata".
4️⃣ Sake Amfani da Zaman
TLS yana sake tallafawa Zaman, wanda zai iya inganta aiki sosai ta hanyar barin abokin ciniki ɗaya ya tsallake musabaha mai gajiya.
Ɓoye-ɓoye marasa daidaituwa (kamar RSA) yana da aminci amma yana jinkiri. Ɓoye-ɓoye masu daidaituwa yana da sauri amma rarraba maɓallan yana da wahala. TLS yana amfani da dabarar "mataki biyu" - da farko musayar maɓallan da ba su da daidaito sannan tsarin daidaitawa don ɓoye bayanan yadda ya kamata.
2. Ci gaban Algorithm da inganta tsaro
RSA da Diffie-Hellman
○ RSA
An fara amfani da shi sosai a lokacin musabaha ta TLS don rarraba maɓallan zaman lafiya. Abokin ciniki yana samar da maɓallin zaman, yana ɓoye shi da maɓallin jama'a na uwar garken, sannan ya aika shi ta yadda uwar garken kawai zai iya ɓoye shi.
○ Diffie-Hellman (DH/ECDH)
Tun daga TLS 1.3, ba a sake amfani da RSA don musayar maɓalli don fifita ingantattun hanyoyin DH/ECDH waɗanda ke tallafawa sirrin gaba (PFS). Ko da an ɓoye maɓallin sirri, bayanan tarihi har yanzu ba za a iya buɗe su ba.
| Sigar TLS | Maɓallin Musayar Maɓalli | Tsaro |
| TLS 1.2 | RSA/DH/ECDH | Mafi girma |
| TLS 1.3 | kawai don DH/ECDH | Mafi Girma |
Shawarwari Masu Amfani da Dole ne Masu Aikin Sadarwa Su Kware
○ Haɓaka fifiko zuwa TLS 1.3 don ɓoyewa cikin sauri da aminci.
○ Kunna manyan ɓoye-ɓoye (AES-GCM, ChaCha20, da sauransu) kuma kashe ƙananan algorithms da ka'idoji marasa tsaro (SSLv3, TLS 1.0);
○ Sanya HSTS, OCSP Stapling, da sauransu don inganta kariyar HTTPS gaba ɗaya;
○ A riƙa sabunta da kuma duba jerin takaddun shaida akai-akai domin tabbatar da inganci da ingancin jerin takardun shaida.
Kammalawa & Tunani: Shin kasuwancin ku yana da aminci da gaske?
Daga HTTP mai rubutu zuwa HTTPS mai cikakken ɓoyewa, buƙatun tsaro sun samo asali ne a bayan kowace haɓaka yarjejeniya. A matsayin ginshiƙin sadarwa mai ɓoyewa a cikin hanyoyin sadarwa na zamani, TLS koyaushe tana inganta kanta don jure yanayin hare-hare mai rikitarwa.
Shin kasuwancinku ya riga ya yi amfani da HTTPS? Shin tsarin crypto ɗinku ya dace da mafi kyawun hanyoyin masana'antu?
Lokacin Saƙo: Yuli-22-2025
