Security is no longer optional these days; it is a required course for every Internet technology practitioner. HTTP, HTTPS, SSL, TLS: do you really understand what is going on behind the scenes? In this article we explain the core logic of modern encrypted communication protocols in a plain yet professional way, and help you understand the secrets "behind the locks" with visual flow charts.
Why is HTTP "insecure"? --- Introduction
Remember that familiar browser warning?
"Your connection is not private."
When a website does not deploy HTTPS, all user information is sent across the network in plaintext. An attacker can capture your login passwords, bank card numbers, and even private conversations. The root cause is that HTTP has no encryption.
So how do HTTPS, and the "gatekeeper" behind it, TLS, let data travel securely across the Internet? Let's break it down layer by layer.
HTTPS = HTTP + TLS/SSL --- Structure and Core Concepts
1. What does HTTPS mean?
HTTPS (HyperText Transfer Protocol Secure) = HTTP + Encryption Layer (TLS/SSL)
○ HTTP: Responsible for transporting the data, but the content is visible in plaintext.
○ TLS/SSL: Provides an "encryption lock" for HTTP communication, turning the data into a puzzle that only the legitimate sender and receiver can solve.
Figure 1: HTTP versus HTTPS data flow.
The "lock" in the browser address bar is the TLS/SSL security indicator.
2. What is the relationship between TLS and SSL?
○ SSL (Secure Sockets Layer): The earliest encryption protocol, which has been found to have serious vulnerabilities.
○ TLS (Transport Layer Security): The successor to SSL. TLS 1.2 and the more advanced TLS 1.3 bring significant improvements in security and performance.
Today's "SSL certificates" are in practice used with the TLS protocol; the SSL name is simply a holdover.
In Depth on TLS: The Cryptographic Magic Behind HTTPS
1. The handshake flow, fully explained
The foundation of secure TLS communication is the handshake dance at setup time. Let's break down the standard TLS handshake flow:
Figure 2: A typical TLS handshake flow.
1️⃣ TCP Connection Setup
The client (for example, a browser) initiates a TCP connection to the server (standard port 443).
2️⃣ TLS Handshake Phase
○ Client Hello: The browser sends the supported TLS versions, the cipher suites, a random number, and the Server Name Indication (SNI), which tells the server which hostname it wants to reach (this is what allows several sites to share one IP address).
○ Server Hello and Certificate: The server selects the appropriate TLS version and cipher, and sends back its certificate (with the public key) and a random number.
○ Certificate Validation: The browser verifies the server certificate chain up to a trusted root CA to make sure it has not been forged.
○ Pre-master key generation (RSA key exchange): The browser generates a pre-master key, encrypts it with the server's public key, and sends it to the server.
○ Session key negotiation: Using both parties' random numbers and the pre-master key, the client and the server compute the same symmetric session key.
○ Handshake completion: Both sides send each other "Finished" messages and enter the encrypted data transfer phase.
3️⃣ Secure Data Transfer
All service data is encrypted symmetrically with the negotiated session key; even if it is intercepted in transit, it is just a bundle of "garbled code".
4️⃣ Session Reuse
TLS also supports session resumption, which can improve performance by letting the same client skip the tedious handshake.
Asymmetric encryption (such as RSA) is secure but slow. Symmetric encryption is fast, but key distribution is difficult. TLS uses a "two-step" strategy: first an asymmetric secure key exchange, then a symmetric scheme to encrypt the data.
2. Algorithm evolution and security improvements
RSA and Diffie-Hellman
○ RSA
Widely used during the TLS handshake to distribute session keys securely. The client generates a session key, encrypts it with the server's public key, and sends it so that only the server can decrypt it.
○ Diffie-Hellman (DH/ECDH)
As of TLS 1.3, RSA is no longer used for key exchange; it has been replaced by the more secure DH/ECDH algorithms, which support forward secrecy (PFS). Even if the private key leaks, historical data still cannot be decrypted.
| TLS Version | Key Exchange Algorithm | Security |
|---|---|---|
| TLS 1.2 | RSA/DH/ECDH | Higher |
| TLS 1.3 | DH/ECDH only | Higher |
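The forward secrecy property described above, as an added example that is not code from the original article: a Python model that contrasts RSA key transport with an ephemeral Diffie-Hellman exchange when the server's long-term private key leaks after a session was recorded. All parameters are toy values constructed for this illustration (far too small for real use), and the function names are assumptions.

```python
import secrets

# Toy parameters constructed for this example; far too small for real use.
P, Q = 2**61 - 1, 2**89 - 1                 # two Mersenne primes
N, E = P * Q, 65537                         # server's long-term RSA public key
D = pow(E, -1, (P - 1) * (Q - 1))           # server's long-term RSA private key
DH_P, DH_G = 2**127 - 1, 3                  # toy Diffie-Hellman group

def rsa_key_transport():
    """RSA exchange: the client encrypts the secret to the server's long-term key."""
    secret = secrets.randbelow(N - 2) + 2
    wire = {"encrypted_pre_master": pow(secret, E, N)}   # what crosses the network
    server_secret = pow(wire["encrypted_pre_master"], D, N)
    return secret, server_secret, wire

def ephemeral_dh():
    """DHE-style exchange: each side uses a fresh private value per session."""
    a = secrets.randbelow(DH_P - 3) + 2     # client ephemeral private value
    b = secrets.randbelow(DH_P - 3) + 2     # server ephemeral private value
    wire = {"client_share": pow(DH_G, a, DH_P),
            "server_share": pow(DH_G, b, DH_P)}
    client_secret = pow(wire["server_share"], a, DH_P)
    server_secret = pow(wire["client_share"], b, DH_P)
    # a and b are discarded on return. In real TLS the long-term key only
    # signs the server share; it never encrypts the session secret.
    return client_secret, server_secret, wire

def exposed_by_key_leak(wire, leaked_d):
    """Values obtained by applying a leaked long-term RSA key to recorded traffic."""
    return {pow(value, leaked_d, N) for value in wire.values()}

def demo():
    rsa_secret, rsa_server, rsa_wire = rsa_key_transport()
    dh_client, dh_server, dh_wire = ephemeral_dh()
    return {
        "rsa_sides_agree": rsa_secret == rsa_server,
        "dh_sides_agree": dh_client == dh_server,
        "rsa_secret_exposed": rsa_secret in exposed_by_key_leak(rsa_wire, D),
        "dh_secret_exposed": dh_client in exposed_by_key_leak(dh_wire, D),
    }

if __name__ == "__main__":
    print(demo())
```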
Practical Advice Network Practitioners Should Master
○ Upgrade to TLS 1.3 for faster and more secure encryption.
○ Enable strong cipher suites (AES-GCM, ChaCha20, and others) and disable weak algorithms and insecure protocols (SSLv3, TLS 1.0);
○ Configure HSTS, OCSP Stapling, and so on to improve overall HTTPS protection;
○ Regularly update and review the certificate chain to keep the chain of trust valid and intact.
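One way to apply and check the protocol and cipher suite advice above, as an added example that is not code from the original article: a Python `ssl` server context restricted to TLS 1.2 and later with forward-secret AEAD suites, plus a small audit function. The TLS 1.2 floor, the cipher string, the function names and the legacy sample are assumptions made for this illustration; certificate loading, HSTS and OCSP stapling are outside its scope.

```python
import ssl

AEAD_MARKERS = ("GCM", "CHACHA20", "CCM")

def hardened_server_context() -> ssl.SSLContext:
    """Server context following the advice above (certificate loading omitted)."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    # Drops SSLv3, TLS 1.0 and TLS 1.1; TLS 1.3 stays available by default.
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    # TLS 1.2 suites: ECDHE key exchange with AES-GCM or ChaCha20 only.
    ctx.set_ciphers("ECDHE+AESGCM:ECDHE+CHACHA20:!PSK")
    return ctx

def audit(min_version: ssl.TLSVersion, cipher_names: list) -> list:
    """Return findings for a protocol floor and a list of OpenSSL suite names."""
    findings = []
    if min_version < ssl.TLSVersion.TLSv1_2:
        findings.append(f"minimum protocol version is {min_version.name}")
    for name in cipher_names:
        if name.startswith("TLS_"):      # TLS 1.3 suites: always (EC)DHE + AEAD
            continue
        if not any(marker in name for marker in AEAD_MARKERS):
            findings.append(f"{name}: not an AEAD cipher")
        if not name.startswith(("ECDHE-", "DHE-")):
            findings.append(f"{name}: no forward secrecy")
    return findings

def audit_context(ctx: ssl.SSLContext) -> list:
    """Audit the settings OpenSSL will actually use for this context."""
    names = [cipher["name"] for cipher in ctx.get_ciphers()]
    return audit(ctx.minimum_version, names)

# Constructed sample of a legacy configuration, for comparison.
LEGACY_MIN_VERSION = ssl.TLSVersion.TLSv1
LEGACY_CIPHERS = ["AES128-SHA", "ECDHE-RSA-AES128-SHA",
                  "ECDHE-RSA-AES128-GCM-SHA256"]

if __name__ == "__main__":
    print("hardened:", audit_context(hardened_server_context()))
    print("legacy:  ", audit(LEGACY_MIN_VERSION, LEGACY_CIPHERS))
```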
Conclusion and Thoughts: Is your business really secure?
From plaintext HTTP to fully encrypted HTTPS, security requirements have evolved behind every protocol upgrade. As the foundation of encrypted communication in modern networks, TLS keeps improving itself to cope with an increasingly complex attack environment.
Does your business already use HTTPS? Is your cryptographic configuration in line with industry best practices?
Post time: Jul-22-2025



