What is the difference between http and https? A detailed explanation of the SSL encryption process

With the rapid growth of the Internet, some people do WeChat marketing and public account promotion however they please, yet complain that Internet marketing does not work. In fact, the best approach for Internet promoters working in new media is to bring in valuable traffic through search engines.

Search engines are therefore one of the most popular web promotion channels today.

In addition, the search engines Google and Baidu have publicly stated that https is taken into account as a search ranking factor.

E-commerce websites in particular are advised to use the encrypted https protocol, which not only helps improve rankings but also helps users use the site safely.

The Hypertext Transfer Protocol (HTTP) is used to transfer information between a web browser and a web server. HTTP sends content in plain text and provides no data encryption. The protocol is therefore not suitable for transmitting sensitive information such as credit card numbers, passwords, and other payment information.

To solve this defect of the HTTP protocol, another protocol is needed: the Secure Sockets Layer hypertext transfer protocol, HTTPS. To secure data in transit, HTTPS adds the SSL protocol to HTTP. SSL relies on certificates to verify the identity of the server and encrypts the communication between the browser and the server.

I. Basic concepts of HTTP and HTTPS

HTTP: the most widely used network protocol on the Internet. It is a client-side and server-side request and response standard (TCP) used to transfer hypertext from a WWW server to the local browser. It is efficient and reduces network transmission.

HTTPS: a secure HTTP channel. In short, it is the secure version of HTTP, that is, HTTP with an SSL layer added. The security foundation of HTTPS is SSL, so the details of the encryption depend on SSL.

The main functions of the HTTPS protocol fall into two kinds: one is to establish a secure information channel to protect data in transit; the other is to confirm the authenticity of the website.

II. What is the difference between HTTP and HTTPS?

Data sent over the HTTP protocol is unencrypted, that is, in plain text, so using HTTP to transmit private information is very insecure. The SSL (Secure Sockets Layer) protocol behind HTTPS was created to encrypt the data that HTTP transmits.

Simply put, HTTPS is a network protocol built from SSL + HTTP that can perform encrypted transmission and identity authentication, and it is more secure than http.

The main differences between HTTPS and HTTP are as follows:

  1. The https protocol requires applying to a CA for a certificate.
  2. http is the hypertext transfer protocol and transmits information in plaintext, while https is a secure transfer protocol encrypted with ssl.
  3. http and https use completely different connection methods and different ports: the former uses 80 and the latter 443.
  4. An http connection is very simple and stateless; HTTPS is a network protocol built from SSL + HTTP that can perform encrypted transmission and identity authentication, and it is more secure than http.

III. Detailed explanation of the HTTPS and SSL encryption process

We all know that HTTPS can encrypt information to keep sensitive data from being obtained by third parties, so many company websites, email services and other services with a higher security level use the HTTPS protocol.

1. The client initiates an HTTPS request

There is not much to say here: the user enters an https URL in the browser, which then connects to port 443 on the server.

2. Server configuration

A server that uses the HTTPS protocol must have a digital certificate, which you can create yourself or apply for from an organization, that is, a certificate requested from a trusted company.

This certificate is essentially a pair of a public key and a private key. If you do not understand public and private keys, think of them as a key and a lock, except that you are the only person in the world who holds this key. You can give the lock to other people; they can use it to lock up something valuable and send it to you. Because only you hold the key, only you can see what was locked with this lock.

3. Sending the certificate

This certificate is in effect the public key, but it carries a lot of other information, such as the certificate's issuing authority, the expiry time, and so on.

4. The client parses the certificate

This part of the work is done by the client's TLS implementation. First, it checks whether the public key is valid, looking at the issuing authority, the expiry time, and so on. If it finds an anomaly, a warning box appears saying that there is a problem with the certificate.

If there is no problem with the certificate, the client generates a random value and then encrypts the random value with the certificate. As described above, it locks the random value with the lock, so that nobody without the key can see the locked content.

5. Transmitting the encrypted information

This step sends the random value encrypted with the certificate. The purpose is to let the server obtain this random value, after which communication between the client and the server can be encrypted and decrypted with it.

6. The server decrypts the information

After the server decrypts with its private key, it obtains the random value (private key) sent by the client, and then encrypts the content symmetrically with that value. In this way, the content cannot be obtained unless the private key is known, and both the client and the server know the private key. As long as the encryption algorithm is strong enough and the private key is complex enough, the data is secure enough.

7. Transmitting the encrypted information

This part of the information is the data encrypted by the server with the private key, which the client can restore.

8. The client decrypts the information

The client decrypts the information sent by the server with the private key generated earlier, and so obtains the decrypted content.
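
The eight steps above can be replayed with the openssl command-line tool. This is an added example, not code from the original article: the host name www.example.test, the file names and the function name handshake_demo are constructed, and AES-256-CBC stands in for the symmetric cipher, which the article does not name.

```shell
#!/bin/sh
# Added illustration of steps 1-8 with the openssl CLI (not the article's code).
# www.example.test and all file names are constructed for this demo.

handshake_demo() {  # usage: handshake_demo <server reply>; prints what the client decrypts
    msg=$1
    dir=$(mktemp -d) || return 1
    (
        cd "$dir" &&
        # Step 2, server configuration: a private key plus a self-made certificate.
        openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
            -subj "/CN=www.example.test" \
            -keyout server.key -out server.crt 2>/dev/null &&
        # Steps 3-4: the client receives server.crt and checks it first.
        # -checkend 0 fails when the certificate has already expired.
        openssl x509 -in server.crt -noout -checkend 0 >/dev/null &&
        openssl x509 -in server.crt -noout -pubkey >server.pub &&
        # Step 4: the client generates the random value and "locks" it with
        # the public key taken from the certificate.
        openssl rand -out client.secret 32 &&
        openssl pkeyutl -encrypt -pubin -inkey server.pub \
            -pkeyopt rsa_padding_mode:oaep \
            -in client.secret -out secret.enc &&
        # Steps 5-6: only secret.enc crosses the network; the server opens it
        # with its private key and now holds the same random value.
        openssl pkeyutl -decrypt -inkey server.key \
            -pkeyopt rsa_padding_mode:oaep \
            -in secret.enc -out server.secret &&
        cmp -s client.secret server.secret &&
        # Step 7: the server encrypts its reply symmetrically with that value.
        # The IV is not secret and travels alongside the ciphertext.
        skey=$(od -An -v -tx1 server.secret | tr -d ' \n') &&
        iv=$(openssl rand -hex 16) &&
        printf '%s' "$msg" |
            openssl enc -aes-256-cbc -K "$skey" -iv "$iv" -out reply.enc &&
        # Step 8: the client decrypts with its own copy of the random value.
        ckey=$(od -An -v -tx1 client.secret | tr -d ' \n') &&
        openssl enc -d -aes-256-cbc -K "$ckey" -iv "$iv" -in reply.enc
    )
    rc=$?
    rm -rf "$dir"
    return $rc
}

handshake_demo "HTTP/1.1 200 OK (constructed reply)"
echo
```

Real TLS does more than this sketch: it derives separate keys from the shared secret and authenticates every record, and TLS 1.3 replaced the RSA key transport described here with an ephemeral Diffie-Hellman exchange.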

IV. The attitude of search engines toward HTTPS

Baidu has launched a full-site HTTPS encrypted search service to address "third-party" sniffing and hijacking of user privacy. In fact, as early as May 2010, Google began offering an HTTPS encrypted search service. On the question of crawling, Baidu said in an announcement on September 5 that "Baidu will not actively crawl HTTPS web pages", while Google said in an algorithm update that "under the same conditions, sites that use HTTPS encryption technology will have an advantage in search ranking".

So, in this broader environment, should webmasters adopt the "risky" HTTPS protocol? And what effect does HTTPS have on search engine SEO?

1. Google's attitude

Google's attitude toward indexing HTTPS sites is no different from its attitude toward HTTP sites, and it even treats "whether secure encryption is used" (HTTPS) as a reference factor in its search ranking algorithm. Websites that use HTTPS encryption technology can get more display opportunities, and their ranking also has an advantage over HTTP sites of the same kind.

Google has also made clear that it "hopes all webmasters will use the HTTPS protocol instead of HTTP", which shows its determination to reach the goal of "HTTPS everywhere".

2. Baidu's attitude

In the past, Baidu's technology lagged behind, and it said that "it will not actively crawl https pages", but it was also "concerned" that "many https pages cannot be indexed". An article titled "How to build https sites" was published on the question of being "Baidu-friendly", giving four suggestions and concrete actions for "improving the Baidu-friendliness of https sites":

1. Make http-accessible versions of the https pages that need to be indexed by the Baidu search engine.

2. Identify the visitor by user-agent and direct Baiduspider to the http page. When ordinary users visit the same page through the Baidu search engine, they are redirected to the corresponding https page with a 301. As shown in the figures, the upper figure shows the http version indexed by Baidu, and the lower figure shows that users automatically jump to the https version after clicking.

[Figures 3 and 4: screenshots not preserved]

3. The http version should not be built for the home page only. Other important pages also need an http version, and these should link to one another. Do not do the following: the links on the http home page still point to https pages, so that Baiduspider cannot continue crawling. We have encountered cases like this, where only a single home page could be indexed for the whole site.

4. Some content that does not need to be encrypted, such as news and information, can be served from a second-level domain. For example, on the Alipay website, the core encrypted content is placed on https, and the content that Baiduspider can crawl directly is placed on a second-level domain.

According to a test by Computer Science House, it takes 114 milliseconds to establish a connection with HTTP and 436 milliseconds to establish a connection with HTTPS, of which the ssl part takes 322 milliseconds. This includes network latency and the overhead of ssl's own encryption and decryption (the server decides from the client's information whether a new master key needs to be generated; the server replies with the master key and returns to the client a message authenticated with the master key; the server requests the client's digital signature and public key).

V. How much more resources does HTTPS consume than HTTP?

HTTPS is in fact the HTTP protocol built on top of SSL/TLS. So, to compare how much more server resources HTTPS consumes than HTTP, I (Chen Weiliang) think it mainly depends on how much server resource SSL/TLS itself consumes.

HTTP uses the TCP three-way handshake to establish a connection, and the client and server need to exchange 3 packets;

In addition to the three TCP packets, HTTPS adds the 9 packets needed for the ssl handshake, so there are 12 packets in total.

After the SSL connection is established, the subsequent encryption uses a symmetric method such as 3DES, which puts a light load on the CPU. Compared with the asymmetric encryption used while the SSL connection is being established, the CPU load of symmetric encryption is lighter. Although enabling HTTPS keep-alive can ease the performance problem of a single connection, that is not enough for large websites with a very large number of concurrent users, where an independent SSL termination proxy based on load sharing is essential. The web service is placed behind the SSL termination proxy. The SSL termination proxy can be hardware-based, such as F5, or software-based; for example, Wikipedia uses Nginx.

After adopting HTTPS, how much more server resources will be consumed? In January 2010, Gmail switched to using HTTPS throughout: the CPU load of the front-end SSL machines increased by no more than 1%, the memory consumption of each connection was less than 20KB, and network traffic increased by less than 2%. Since Gmail presumably uses N servers in a distributed setup, the CPU load figure has little reference value. The per-connection memory consumption and network traffic figures are the meaningful ones. The article also notes that a single core handles about 1500 handshakes per second (for 1024-bit RSA), and this figure is very useful for reference.

VI. Advantages of HTTPS

It is precisely because HTTPS is very secure that attackers cannot find a place to start.

1. SEO

Google adjusted its search engine algorithm in August 2014, saying that "a site encrypted with HTTPS will rank higher in search results than an equivalent HTTP site".

2. Security

Although HTTPS is not absolutely secure, and organizations that hold root certificates or that control the encryption algorithms can still carry out man-in-the-middle attacks, HTTPS is still the most secure solution under the current architecture, with the following benefits:

(1) Using the HTTPS protocol authenticates users and servers, ensuring that data is sent to the correct client and server;

(2) HTTPS is a network protocol built from SSL + HTTP that can perform encrypted transmission and identity authentication, and it ensures the integrity of the data.

(3) HTTPS is the most secure solution under the current architecture. Although it is not absolutely secure, it greatly increases the cost of a man-in-the-middle attack.

VII. Disadvantages of HTTPS

Although HTTPS has great advantages, it still has some shortcomings, specifically the following two points:

1. SEO

According to ACM CoNEXT data, using the HTTPS protocol extends page load time by nearly 50% and increases power consumption by 10% to 20%. In addition, the HTTPS protocol also affects caching, increases data overhead and power consumption, and even existing security measures are affected as a result.

Moreover, the encryption scope of the HTTPS protocol is limited, and it does little against hacker attacks, denial-of-service attacks, and server hijacking.

Most importantly, the chain of trust behind SSL certificates is not secure. Especially when some countries can control a CA root certificate, man-in-the-middle attacks are just as feasible.

2. Economics

(1) SSL certificates cost money: the more powerful the certificate, the higher the price. Personal websites can use a free SSL certificate.

(2) SSL certificates usually have to be bound to an IP, and multiple domain names cannot be bound to the same IP. IPv4 resources cannot support this level of consumption (SSL has an extension that can partly solve this problem, but it is troublesome and requires browser and operating system support. Windows XP does not support this extension, and given XP's installed base, the feature is almost useless).

(3) HTTPS connection caching is not as efficient as HTTP. High-traffic websites will not use it unless necessary, because the traffic cost is too high.

(4) HTTPS connections consume more server-side resources, and supporting a website with slightly more visitors requires a larger investment. If HTTPS were used everywhere, the average cost of a VPS, which is priced on the assumption that most computing resources sit idle, would go up.

(5) The handshake phase of the HTTPS protocol is time-consuming and has a negative effect on the response speed of the website. If it is not necessary, there is no reason to sacrifice user experience.

VIII. Does a website need to use HTTPS encryption?

Although Google and Baidu both "look at HTTPS in a different light", this does not mean that webmasters must switch their site protocol to HTTPS!

First of all, let us talk about Google. Although Google keeps stressing that "websites using HTTPS encryption technology can get better rankings", it cannot be ruled out that this is a move with "ulterior motives".

Foreign analysts once said in response to this question: the reason Google made this move (adjusting its algorithm to use HTTPS encryption as a reference factor in search ranking) may not be to improve users' search experience and Internet security, but only to recover its "losses" from the "PRISM" scandal. This is a typical self-interested move made under the banner of "sacrificing the ego": raising the flag of "security affects ranking", chanting the slogan "HTTPS everywhere", and then effortlessly getting most webmasters to willingly join the HTTPS camp.

If your website belongs to e-commerce/WeChat platforms, finance, social networking or similar fields, it is best to use the HTTPS protocol; if it is a blog site, a promotional site, a classified information site, or a news site, use a free SSL certificate.

IX. How does a webmaster build an HTTPS website?

When it comes to building HTTPS sites, we have to mention the SSL protocol. SSL was the first network security protocol, adopted by Netscape. SSL broadly supports many types of networks while providing three basic security services, all of which use public-key technology.

1. The role of SSL

(1) Authenticate users and servers to ensure that data is sent to the correct client and server;

(2) Encrypt data to prevent it from being stolen in transit;

(3) Maintain the integrity of the data and ensure that it is not altered during transmission.

An SSL certificate is a digital file that verifies the identity of the two parties in SSL communication. It is issued by a trusted digital certificate authority (CA) (such as VeriSign, GlobalSign, WoSign, and others) after verifying the identity of the server, and it provides server authentication and encryption of data in transit. SSL certificates are divided into Extended Validation (EV) SSL certificates, Organization Validation (OV) SSL certificates, and Domain Validation (DV) SSL certificates.

2. 3 main steps to apply for an SSL certificate

There are three main steps to apply for an SSL certificate:

(1) Create a CSR file

The so-called CSR is the Certificate Secure Request, a certificate request file produced by the applicant. During creation, the system generates two keys: one is the public key, which is the CSR file, and the other is the private key, which is stored on the server.

To create the CSR file, applicants can refer to the WEB SERVER documentation. In general, APACHE and similar servers use the OPENSSL command line to generate the 2 files KEY + CSR; Tomcat, JBoss, Resin and similar servers use KEYTOOL to generate the JKS and CSR files; IIS creates a pending request and a CSR file.

(2) CA validation

Submit the CSR to the CA. The CA generally has two validation methods:

① Domain name validation: generally, the administrator's mailbox is verified.

② Enterprise document validation: the company's business license must be provided, which generally takes 3-5 working days.

There are also certificates that must pass both validation methods at the same time, called EV certificates. This kind of certificate makes the address bar of browsers above IE2 turn green, so its validation is also the strictest.

(3) Installing the certificate

After receiving the certificate from the CA, you can deploy it on the server. In general, for APACHE you copy the KEY + CER files directly to the server and then modify the HTTPD.CONF file; for TOMCAT and similar servers, you need to import the CER certificate file issued by the CA into the JKS file, copy it to the server, and then modify SERVER.XML.
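
Steps (1) to (3) above, worked through with the OpenSSL command line that the article mentions for Apache. This is an added example, not from the original article: the host names, file names and function names are constructed, and a self-signed certificate stands in for the one a CA would return in step (2).

```shell
#!/bin/sh
# Added illustration of steps (1)-(3) with the openssl CLI (not the article's code).
# www.example.test, other.example.test and the file names are constructed.

# Step (1): create the private key (stays on the server) and the CSR (goes to the CA).
make_csr() {  # usage: make_csr <common-name> <key-out> <csr-out>
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$1" \
        -keyout "$2" -out "$3" 2>/dev/null &&
    chmod 600 "$2" &&
    # A CSR is signed with the applicant's own key; -verify checks that signature.
    openssl req -in "$3" -noout -verify >/dev/null 2>&1
}

# Public key in PEM form, extracted from each kind of file.
pub_of_key()  { openssl pkey -in "$1" -pubout; }
pub_of_csr()  { openssl req  -in "$1" -noout -pubkey; }
pub_of_cert() { openssl x509 -in "$1" -noout -pubkey; }

# Step (3) pre-install check: does the certificate belong to this private key?
key_matches_cert() {  # usage: key_matches_cert <key> <cert>
    k=$(pub_of_key "$1") && c=$(pub_of_cert "$2") &&
    [ -n "$k" ] && [ "$k" = "$c" ]
}

csr_flow_demo() {  # prints "match" then "mismatch" when everything behaves
    dir=$(mktemp -d) || return 1
    (
        cd "$dir" &&
        make_csr www.example.test site.key site.csr &&
        # The CSR carries only the public half of the key pair.
        [ "$(pub_of_csr site.csr)" = "$(pub_of_key site.key)" ] &&
        ! grep -q "PRIVATE KEY" site.csr &&
        # Step (2) stand-in: no CA is reachable offline, so the CSR is signed
        # with its own key to produce a certificate for the check below.
        openssl x509 -req -in site.csr -signkey site.key -days 30 \
            -out issued.crt 2>/dev/null &&
        if key_matches_cert site.key issued.crt
        then echo match; else echo mismatch; fi &&
        # A key from a different request must be caught before it is
        # copied next to this certificate in the server configuration.
        make_csr other.example.test other.key other.csr &&
        if key_matches_cert other.key issued.crt
        then echo match; else echo mismatch; fi
    )
    rc=$?
    rm -rf "$dir"
    return $rc
}

csr_flow_demo
```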

X. Recommended free SSL certificates

Using an SSL certificate not only protects information but also improves users' trust in the website. However, considering the cost of building a website, many webmasters are put off by it. Free is a market on the Internet that never goes out of style: there is free hosting space, and naturally there are free SSL certificates too. Earlier, it was reported that Mozilla, Cisco, Akamai, IdenTrust, EFF, and researchers at the University of Michigan would start the Let's Encrypt CA project, which plans to provide free SSL certificates and certificate management services to websites starting this summer (note: if you need a more advanced, complex certificate, you have to pay), and at the same time reduce the complexity of certificate installation, which will take only 20-30 seconds.

It is usually large and medium-sized websites that need complex certificates; small sites such as personal blogs can try a free SSL certificate first.

Below, Chen Weiliang's blog introduces several free SSL certificates, such as CloudFlare SSL, NameCheap, and others.

1. CloudFlare SSL

CloudFlare is a website in the United States that provides CDN services, with its own CDN server nodes around the world. Many large companies and websites at home and abroad use CloudFlare's CDN services. Of course, what domestic webmasters use most is CloudFlare's free CDN, whose acceleration is also very good. The free SSL certificate that CloudFlare provides is UniversalSSL, that is, universal SSL. Users can use an SSL certificate without applying to a certificate authority and configuring the certificate themselves. CloudFlare provides SSL encryption to all users (including free users): the certificate is set up through the web interface within 5 minutes, and automatic deployment completes within 24 hours, providing TLS encryption based on the Elliptic Curve Digital Signature Algorithm (ECDSA) for website traffic.

2. NameCheap

NameCheap is a leading ICANN-accredited domain name registrar and web hosting company, founded in 2000. The company provides free DNS resolution, URL forwarding (which can hide the original URL and supports 301 redirection) and other services. In addition, NameCheap also offers one year of free SSL certificate service.

3. Let's Encrypt

Let's Encrypt is the most popular free SSL certificate issuing project of late. Let's Encrypt is a free, public-benefit project provided by ISRG that issues certificates automatically, but the certificates are valid for only 90 days. It is suitable for personal or temporary use, and you no longer have to put up with the browser warning that a self-signed certificate is not trusted.

In fact, Chen Weiliang's blog is also planning to use Let's Encrypt soon ^_^

For a tutorial on applying for a free Let's Encrypt SSL certificate, please see this article: "How to apply for Let's Encrypt"

We hope that "What is the difference between http and https? A detailed explanation of the SSL encryption process", shared by Chen Weiliang Blog ( https://www.chenweiliang.com/ ), is helpful to you.

You are welcome to share the link to this article: https://www.chenweiliang.com/cwl-511.html
