Security is not optional; it is a required course for everyone who works in Internet technology. HTTP, HTTPS, SSL, TLS: do you understand what happens behind the scenes? In this article we explain, in a professional yet easy-to-follow way, what modern encrypted communication protocols actually mean, and we use visual diagrams to help you understand the secrets "behind the padlock".
Why is HTTP "insecure"? --- Introduction
Remember this familiar browser warning?
"Your connection is not private."
As soon as a website does not use HTTPS, all user data travels across the network in plaintext. Login passwords, bank card numbers and even private conversations can be captured with a suitable tool. The root cause is that HTTP has no encryption.
So how do HTTPS, and the "gatekeeper" behind it, TLS, let data travel safely across the Internet? Let's break it down layer by layer.
HTTPS = HTTP + TLS/SSL --- Structure and Key Principles
1. What is HTTPS actually?
HTTPS (HyperText Transfer Protocol Secure) = HTTP + encryption layer (TLS/SSL)
○ HTTP: Responsible for transporting the data, but the content is visible in plaintext
○ TLS/SSL: Puts an "encryption lock" on HTTP communication, turning the data into a puzzle that only the sender and the receiver can solve.
Figure 1: HTTP vs HTTPS data flow.
The "padlock" in the browser address bar is the security indicator of TLS/SSL.
2. What is the relationship between TLS and SSL?
○ SSL (Secure Sockets Layer): The earliest encryption protocol, later found to have serious vulnerabilities.
○ TLS (Transport Layer Security): The successor to SSL, in the form of TLS 1.2 and the more advanced TLS 1.3, which bring significant improvements in security and performance.
Nowadays an "SSL certificate" is really just an implementation of the TLS protocol; only the old name has stuck around.
A Deeper Look at TLS: The Cryptographic Magic Behind HTTPS
1. The handshake flow explained
The foundation of secure TLS communication is the handshake "dance" performed at connection setup. Let's break down the standard TLS handshake flow:
Figure 2: Typical TLS handshake flow.
1️⃣ TCP Connection Setup
The client (for example a browser) initiates a TCP connection to the server (standard port 443).
2️⃣ TLS Handshake Phase
○ Client Hello: The browser sends the TLS versions and cipher suites it supports and a random number, together with the Server Name Indication (SNI), which tells the server which hostname it wants to reach (this allows many sites to share one IP address).
○ Server Hello & Certificate: The server picks a TLS version and cipher suite it supports, then sends its certificate (containing its public key) and its own random number.
○ Certificate verification: The browser verifies the server's certificate chain up to a trusted root CA to make sure it has not been forged.
○ Key generation: The browser generates a premaster secret, encrypts it with the server's public key and sends it to the server. Both sides then agree on the session key: using both parties' random numbers and the premaster secret, the client and the server compute the same symmetric encryption key.
○ Handshake confirmation: Both sides send each other a "Finished" message and enter the encrypted data transmission phase.
3️⃣ Secure Data Transfer
All application data is encrypted with the negotiated session key; even if it is intercepted in transit, it is just "garbled bytes".
4️⃣ Session Reuse
TLS also supports session resumption, which can greatly improve performance by letting a returning client skip the expensive handshake.
Asymmetric encryption (such as RSA) is secure but slow. Symmetric encryption is fast, but distributing the key is hard. TLS therefore uses a "two-step" strategy: first an asymmetric, secure key exchange, then symmetric encryption to protect the data efficiently.
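The key-agreement half of the handshake above, as an added example that is not part of the original article: each side mixes its own ephemeral Diffie-Hellman secret, the peer's public value, and both hello randoms through an HKDF (RFC 5869) into one shared symmetric key. The group parameters are a constructed toy (a Mersenne prime with generator 2), not a TLS named group.

```python
import hashlib
import hmac
import secrets

# Toy DH group, constructed for illustration only; real TLS uses standard
# named groups such as x25519 or ffdhe2048.
P = 2**127 - 1
G = 2


def hkdf_sha256(salt: bytes, ikm: bytes, info: bytes, length: int = 32) -> bytes:
    """HKDF extract-then-expand (RFC 5869), the shape of TLS 1.3's key schedule."""
    prk = hmac.new(salt, ikm, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


def ephemeral_keypair():
    """Fresh per-handshake DH key: private exponent x and public value g^x mod p."""
    priv = secrets.randbelow(P - 2) + 2
    return priv, pow(G, priv, P)


def derive_session_key(shared_secret: int, client_random: bytes, server_random: bytes) -> bytes:
    """Both sides combine the DH secret with both hello randoms into one symmetric key."""
    ikm = shared_secret.to_bytes((P.bit_length() + 7) // 8, "big")
    return hkdf_sha256(client_random + server_random, ikm, b"toy tls session key")


def simulate_handshake() -> dict:
    """Runs the key-agreement steps and returns what each party ends up with."""
    client_random = secrets.token_bytes(32)          # sent in ClientHello
    server_random = secrets.token_bytes(32)          # sent in ServerHello
    client_priv, client_pub = ephemeral_keypair()    # client key share
    server_priv, server_pub = ephemeral_keypair()    # server key share
    # Each side raises the peer's public value to its own private exponent.
    client_key = derive_session_key(pow(server_pub, client_priv, P), client_random, server_random)
    server_key = derive_session_key(pow(client_pub, server_priv, P), client_random, server_random)
    # An eavesdropper sees only the public values and randoms; without a private
    # exponent any guess at the secret (here the product of the public values) fails.
    eavesdropper_key = derive_session_key((client_pub * server_pub) % P, client_random, server_random)
    return {"client_key": client_key, "server_key": server_key, "eavesdropper_key": eavesdropper_key}


if __name__ == "__main__":
    result = simulate_handshake()
    print("keys match:", result["client_key"] == result["server_key"])
```

Because the private exponents are discarded after the handshake, compromising a long-term server key later does not reveal this session key; that is the forward-secrecy property discussed under Diffie-Hellman below.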
2. Algorithm evolution and security improvements
RSA and Diffie-Hellman
○ RSA
Originally widely used in the TLS handshake to distribute the session key securely. The client generates a session key, encrypts it with the server's public key and sends it, so that only the server can decrypt it.
○ Diffie-Hellman (DH/ECDH)
Starting with TLS 1.3, RSA is no longer used for key exchange, in favour of the more secure DH/ECDH algorithms, which provide perfect forward secrecy (PFS). Even if the private key leaks, previously captured traffic still cannot be decrypted.
TLS Version | Key Exchange Algorithm | Security
TLS 1.2 | RSA/DH/ECDH | High
TLS 1.3 | DH/ECDH only | Highest
Best Practices Every Network Operator Must Master
○ Prioritise upgrading to TLS 1.3 for faster and more secure encryption.
○ Enable strong ciphers (AES-GCM, ChaCha20, etc.) and disable weak algorithms and insecure protocols (SSLv3, TLS 1.0);
○ Deploy HSTS, OCSP Stapling and similar measures to strengthen HTTPS protection overall;
○ Regularly update and check the certificate chain to ensure the validity and integrity of the chain of trust.
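The protocol and cipher items of this list expressed as a client configuration, as an added example using Python's standard ssl module (not code from the original article): a hardened context beside a constructed legacy one, and an audit function that reports where a context falls short of the guidance. The finding strings and the weak-cipher marker list are assumptions made for this example.

```python
import ssl

# Name fragments of suites the guidance says to disable (constructed list).
WEAK_CIPHER_MARKERS = ("RC4", "DES", "MD5", "NULL", "EXPORT", "ADH", "AECDH")


def hardened_client_context() -> ssl.SSLContext:
    """Client context following the guidance: TLS 1.2+, AEAD suites, forward secrecy."""
    ctx = ssl.create_default_context()               # CERT_REQUIRED + hostname check
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2     # rejects SSLv3, TLS 1.0 and 1.1
    # TLS 1.2 suites: ECDHE key exchange with AES-GCM or ChaCha20-Poly1305 only.
    # TLS 1.3 suites are fixed by OpenSSL and are all AEAD, so they need no filtering.
    ctx.set_ciphers("ECDHE+AESGCM:ECDHE+CHACHA20")
    return ctx


def legacy_client_context() -> ssl.SSLContext:
    """Constructed 'before' configuration: old protocols, CBC suites, no verification."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False                       # must be cleared before verify_mode
    ctx.verify_mode = ssl.CERT_NONE
    ctx.minimum_version = ssl.TLSVersion.MINIMUM_SUPPORTED
    ctx.set_ciphers("AES")                           # also admits RSA-kx and CBC suites
    return ctx


def audit_context(ctx: ssl.SSLContext) -> list:
    """Returns a list of findings; an empty list means the context meets the guidance."""
    findings = []
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        findings.append("allows protocol versions below TLS 1.2")
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("server certificate chain is not verified")
    if not ctx.check_hostname:
        findings.append("certificate hostname is not checked")
    for cipher in ctx.get_ciphers():
        name = cipher["name"]
        if any(marker in name for marker in WEAK_CIPHER_MARKERS):
            findings.append(f"weak cipher enabled: {name}")
        elif not cipher["aead"]:
            findings.append(f"non-AEAD cipher enabled: {name}")
        elif cipher["kea"] == "kx-rsa":
            findings.append(f"no forward secrecy (RSA key exchange): {name}")
    return findings


if __name__ == "__main__":
    for label, ctx in (("legacy", legacy_client_context()), ("hardened", hardened_client_context())):
        print(label, audit_context(ctx) or "OK")
```

HSTS and OCSP stapling are server-side settings and are not covered by this client-side check.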
Conclusion & Reflection: Is your business really secure?
From plaintext HTTP to fully encrypted HTTPS, security demands have driven every protocol upgrade. As the cornerstone of encrypted communication in modern networks, TLS keeps improving to face an increasingly complex threat landscape.
Does your business use HTTPS? Is your cryptographic configuration in line with industry best practices?
Posted: Jul-22-2025