Security is no longer optional; it is a required course for every internet technology practitioner. HTTP, HTTPS, SSL, TLS: do you really understand what is going on behind the scenes? In this article we explain the core logic of modern encrypted communication protocols in a structured, professional way, and help you understand the secrets "behind the lock" with visual flow diagrams.
Why is HTTP "insecure"? --- Introduction
Remember that familiar browser warning?
"Your connection is not private."
If a website does not deploy HTTPS, all user information travels across the network in plaintext. Your login passwords, bank card numbers, and even private conversations can all be captured by a well-positioned hacker. The root cause is HTTP's lack of encryption.
So how do HTTPS, and the "gatekeeper" behind it, TLS, allow data to travel securely across the internet? Let's break it down layer by layer.
HTTPS = HTTP + TLS/SSL --- Structure and Core Concepts
1. What is HTTPS in essence?
HTTPS (HyperText Transfer Protocol Secure) = HTTP + an encryption layer (TLS/SSL)
○ HTTP: Responsible for transporting the data, but the content is visible in plaintext.
○ TLS/SSL: Puts an "encryption lock" on HTTP communication, turning the data into a puzzle that only the legitimate parties can solve.
Figure 1: HTTP vs HTTPS data flow.
The "lock" in the browser address bar is the TLS/SSL security indicator.
2. What is the relationship between TLS and SSL?
○ SSL (Secure Sockets Layer): The earliest encryption protocol, which has been found to have serious vulnerabilities.
○ TLS (Transport Layer Security): The successor to SSL; TLS 1.2 and the more advanced TLS 1.3 offer significant improvements in security and performance.
Today, an "SSL certificate" is simply an implementation of the TLS protocol; the name is just a holdover.
Deep Dive into TLS: The Cryptographic Magic Behind HTTPS
1. The handshake flow, fully explained
The foundation of secure TLS communication is the handshake dance at connection setup. Let's break down the standard TLS handshake flow:
Figure 2: A typical TLS handshake flow.
1️⃣ TCP Connection Setup
The client (e.g., a browser) initiates a TCP connection to the server (default port 443).
2️⃣ TLS Handshake Phase
○ Client Hello: The browser sends the supported TLS versions, cipher suites, and a random number, along with the Server Name Indication (SNI), which tells the server which hostname it wants to reach (making it possible for multiple sites to share one IP address).
○ Server Hello & Certificate: The server selects a suitable TLS version and cipher suite, and sends back its certificate (containing the public key) and a random number.
○ Certificate validation: The browser verifies the server's certificate chain up to a trusted root CA to make sure it has not been forged.
○ Premaster key generation: The browser generates a premaster key, encrypts it with the server's public key, and sends it to the server.
○ Both sides derive the session key: Using both random numbers and the premaster key, the client and the server each compute the same symmetric session key.
○ Handshake completion: Both sides send each other "Finished" messages and enter the encrypted data transfer phase.
3️⃣ Secure Data Transfer
All application data is encrypted efficiently with the negotiated session key; even if it is intercepted in transit, it is just a pile of "garbled code".
4️⃣ Session Reuse
TLS supports session resumption, which can greatly improve performance by letting the same client skip the tedious handshake.
Asymmetric encryption (such as RSA) is secure but slow. Symmetric encryption is fast, but key distribution is cumbersome. TLS uses a "two-step" strategy: first an asymmetric key exchange, then a symmetric scheme to encrypt the data efficiently.
2. Algorithm evolution and security improvements
RSA and Diffie-Hellman
○ RSA
It was first widely used during the TLS handshake to distribute session keys. The client generates a session key, encrypts it with the server's public key, and sends it so that only the server can decrypt it.
○ Diffie-Hellman (DH/ECDH)
Starting with TLS 1.3, RSA is no longer used for key exchange, in favor of the more secure DH/ECDH algorithms, which support forward secrecy (PFS). Even if the private key is leaked, historical data still cannot be decrypted.
TLS version | Key exchange algorithm | Security |
TLS 1.2 | RSA/DH/ECDH | High |
TLS 1.3 | DH/ECDH only | Higher |
Practical Advice Networking Practitioners Should Master
○ Prioritize upgrading to TLS 1.3 for faster and more secure encryption.
○ Enable strong ciphers (AES-GCM, ChaCha20, etc.) and disable weak algorithms and insecure protocols (SSLv3, TLS 1.0);
○ Configure HSTS, OCSP Stapling, etc. to strengthen overall HTTPS protection;
○ Regularly update and review the certificate chain to ensure the validity and integrity of the chain of trust.
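One way to apply and check the protocol, cipher and certificate advice above on the client side with Python's standard `ssl` module (an added example, not part of the original article). The function names `hardened_context`, `weak_context` and `audit_context` are hypothetical, and the cipher string is one reasonable choice rather than the only valid one.

```python
import ssl

def hardened_context() -> ssl.SSLContext:
    """Client context: TLS 1.2+, forward-secret AEAD suites, full verification."""
    ctx = ssl.create_default_context()            # verifies chain and hostname
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2  # rules out SSLv3, TLS 1.0, TLS 1.1
    # TLS 1.2 suites only; TLS 1.3 suites are always AEAD and stay enabled.
    ctx.set_ciphers("ECDHE+AESGCM:ECDHE+CHACHA20")
    return ctx

def weak_context() -> ssl.SSLContext:
    """The kind of configuration the checklist warns about (for comparison)."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False                    # must be off before CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE               # certificate chain not checked
    ctx.minimum_version = ssl.TLSVersion.TLSv1    # legacy protocol allowed
    return ctx

def audit_context(ctx: ssl.SSLContext) -> list:
    """Return a list of findings; an empty list means the checks passed."""
    findings = []
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        findings.append("protocols older than TLS 1.2 are allowed")
    if ctx.verify_mode != ssl.CERT_REQUIRED or not ctx.check_hostname:
        findings.append("certificate chain or hostname is not verified")
    for cipher in ctx.get_ciphers():
        if not cipher.get("aead"):
            findings.append(f"non-AEAD cipher enabled: {cipher['name']}")
        if cipher.get("kea") == "kx-rsa":
            findings.append(f"no forward secrecy (RSA key exchange): {cipher['name']}")
    return findings

if __name__ == "__main__":
    for label, ctx in (("hardened", hardened_context()), ("weak", weak_context())):
        findings = audit_context(ctx)
        print(label, "->", findings if findings else "no findings")
```

HSTS and OCSP stapling are server-side settings and are outside what a client context can enforce.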
Conclusion & Thoughts: Is Your Business Really Secure?
From plaintext HTTP to fully encrypted HTTPS, security requirements have driven every protocol upgrade. As the cornerstone of encrypted communication on modern networks, TLS keeps improving itself to cope with an increasingly complex attack environment.
Does your business already use HTTPS? Does your crypto configuration follow industry best practices?
Post time: Jul-22-2025