
SSL (Secure Socket Layer)

The document discusses SSL (Secure Socket Layer) and its importance in securing data transmitted over the internet. SSL uses cryptography with public and private keys to encrypt data during transmission, protecting it from interception. It was developed by Netscape to securely transmit confidential information via HTTPS websites.

Uploaded by

mohammed atya

Author: Majed Abdulrahman Al-Humaid

Reviewers: Khalid Al-Ruwaili, Majed Al-Rubaian
Version: First

Notice:
This article is a contribution from its author toward increasing awareness and content on information security. It has been reviewed by at least one reviewer. The Center of Excellence in Information Security bears no responsibility for this article or for any information presented in it, and does not guarantee the accuracy or correctness of the information.

Introduction:
Because the Internet is an environment open to everyone, and data travels across thousands of networks that act as intermediaries between the sender and the receiver of that data, the confidentiality of the data in transit is threatened by compromise or interception.
Although the importance of the transmitted data varies, we all agree on the importance of preserving the confidentiality of government, economic and even personal data, and allowing such data to be intercepted is a threat in one way or another. The SSL service, which encrypts data sent over the Internet and carries it in encrypted form, therefore helps prevent any interception that occurs while the data is in transit.
The idea of SSL originated at Netscape, which introduced this technology for encrypting data carried over the Internet using cryptography that relies on two keys to perform the encryption: one is known in advance and the other is known only to the sender and the receiver. Sites that offer this encryption can be told apart from those that do not by the site link, which begins with https:// instead of http://, the usual prefix on most sites.

What is SSL?

SSL is an abbreviation of "Secure Socket Layer", a protocol that encrypts the data moving between the web browser and the server using two keys to perform the encryption. The first key is a public key ("public key"), which encrypts the "http transaction", and the second key, which is a private key ("private key")

Why SSL?

The trust that e-commerce sites, government sites and banking sites place in SSL is neither arbitrary nor a coincidence. It stems from a reality imposed by the nature of Internet networks and from the distinctive strength SSL offers in transporting data securely. SSL has these advantages for the following reasons:

• The insecure nature of the Internet: as we know, for a request from the client's web browser to reach the desired website, the request passes through a number of connected networks. We do not know the nature of those intermediate networks, how much security they provide or whether they preserve the confidentiality of data, and it is impossible to fully verify their security, especially since the request may switch from one route to another across the Internet. This makes encrypting the data a secure, logical and easy-to-use approach.
• Impossibility of altering the data: as we know, one of the foundations of information security is that data arrives correctly and unaltered. When a compromise occurs, the content of the request can be changed, for example from 100 to 100000. Encryption prevents the attacker from altering the data, because the data is encrypted and the encryption cannot be undone owing to the difficulty of the encryption method.
• Impossibility of reading the data: with the data encrypted through SSL, any eavesdropper is prevented from reading the real data. All he can read is encrypted data, which he cannot decrypt at all.

How does SSL work?

The SSL protocol operates at the lower layer, providing encryption to support upper-layer protocols such as the file transfer protocol "FTP", the web browsing protocol "HTTP" and the network news protocol "NNTP".

As mentioned above, the SSL protocol encrypts the data. For the browser to verify the server, the encryption keys, "public and private", are created. This takes place over several steps, during which the trustworthiness of the other party is confirmed and the keys are created as well. The steps are:

• The browser requests the trust certificate from the server.
• The server replies to the browser and attaches the trust certificate to the reply.
• The private key is sent to confirm that the server possesses it.
• The server reconfirms that it possesses the private key.
• The client sends the main request.
• The server replies to the request.
Types of SSL

There are two types of SSL according to encryption strength, which refers to the length of the encryption key:
• 128 bit.
• 40 – 56 bit.
We can say that the first type is the better and safer choice. A simple comparison of the two shows that the first type outperforms the second, in terms of search time, by an astronomical figure: "a trillion trillion times". From this number we can be certain that a search attempt to break 128-bit encryption is impossible.

How to obtain the SSL service

As we know, the SSL service is a connection between the client and the server in which the trust certificate is verified through the SSL service provider, who is the third party to the service. For the service to be provided, the server must carry out some configuration, and that configuration differs depending on whether the working environment is Windows or Linux.

When subscribing to the SSL service with the service provider, the service information must be supplied. It usually takes the following form:

-----BEGIN CERTIFICATE-----

[encoded data]

-----END CERTIFICATE-----

This information represents the key for communicating with the intermediary in order to identify the server. After that, the SSL service is installed on the server according to its operating system environment.

To install on a Windows environment, follow these steps:

Installation on Windows:

• First, IIS must be available on the operating system.
• Go to "Control Panel", then "Administrator Tools", then "Internet Information Services".
• Go to "Default Web Site", right-click it and go to "Properties".
• Go to "Directory security", then "Server Certificate", then complete the SSL settings.
• Go to "Web Site" and make sure the SSL port "443" is added.

Installation on Linux:

• Locate the Apache settings in the file "/etc/httpd/httpd.conf".
• Add the following text to the Apache configuration file:
<VirtualHost xxx.xxx.xxx.xxx:443>
DocumentRoot /path/to/website
SSLEngine on
SSLCertificateFile /path/to/www.virtualdomain.com.crt
SSLCertificateKeyFile /path/to/www.virtualdomain.com.de.key
</VirtualHost>

• Note that xxx.xxx.xxx.xxx is the IP address of the site.

• To avoid problems after restarting the server, run the following:
$ openssl rsa -in www.virtualdomain.com.key \
-out www.virtualdomain.com.de.key

• Finally, restart the httpd service:


# /etc/init.d/httpd stop
# /etc/init.d/httpd start
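
The `openssl rsa` step above writes a copy of the private key with no passphrase, so once httpd can start unattended the file mode is all that protects www.virtualdomain.com.de.key. The check below is an added example, not part of the original article: it reads the two directives from a config, confirms each file holds what the directive expects, and fails when a plain key is readable beyond its owner. The function names, the sample files and the 192.0.2.10 address are constructed for illustration, and paths are assumed to contain no spaces.

```shell
# Added example, not the article's code: audit an Apache vhost's cert and key files.
directive_value() {  # print the argument of directive $2 in config file $1
    awk -v d="$2" 'tolower($1) == tolower(d) { print $2; exit }' "$1"
}
# Classify a PEM file by its armor. A key anywhere in the file wins, so a
# certificate file that also carries a private key is reported as a key.
pem_kind() {
    if grep -q -e 'BEGIN ENCRYPTED PRIVATE KEY' -e '^Proc-Type: 4,ENCRYPTED' "$1"
    then echo encrypted-key
    elif grep -q -e 'BEGIN [A-Z ]*PRIVATE KEY' "$1"; then echo plain-key
    elif grep -q -e 'BEGIN CERTIFICATE' "$1"; then echo certificate
    else echo unknown
    fi 2>/dev/null
}
owner_only() {  # true when group and others have no permission bits on $1
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}
# Print one line per finding for config $1; succeed only when nothing FAILs.
audit_vhost() {
    cert=$(directive_value "$1" SSLCertificateFile)
    key=$(directive_value "$1" SSLCertificateKeyFile)
    rc=0
    [ "$(pem_kind "$cert")" = certificate ] ||
        { echo "FAIL: $cert is not a bare certificate"; rc=1; }
    case $(pem_kind "$key") in
        plain-key)  # no passphrase: the file mode is the key's only protection
            owner_only "$key" ||
                { echo "FAIL: $key is unencrypted and readable beyond its owner"; rc=1; } ;;
        encrypted-key) echo "NOTE: $key is encrypted; httpd needs the passphrase to start" ;;
        *) echo "FAIL: $key holds no private key"; rc=1 ;;
    esac
    return "$rc"
}
# Constructed sample: config and placeholder PEM files in directory $1, key
# file mode $2. 192.0.2.10 is a documentation address, not a real host.
make_sample() {
    printf '%s\n' '-----BEGIN CERTIFICATE-----' '[constructed]' \
        '-----END CERTIFICATE-----' > "$1/site.crt"
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' '[constructed]' \
        '-----END RSA PRIVATE KEY-----' > "$1/site.de.key"
    chmod "$2" "$1/site.de.key"
    printf '%s\n' '<VirtualHost 192.0.2.10:443>' 'SSLEngine on' \
        "SSLCertificateFile $1/site.crt" \
        "SSLCertificateKeyFile $1/site.de.key" '</VirtualHost>' > "$1/httpd.conf"
}
d=$(mktemp -d); make_sample "$d" 644
audit_vhost "$d/httpd.conf" || echo "=> fix before starting httpd"
chmod 600 "$d/site.de.key"; audit_vhost "$d/httpd.conf" && echo "=> clean after chmod 600"
rm -rf "$d"
```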

Verifying that a site has SSL

There is no doubt that a client entering banking or e-commerce sites must verify that those sites have the SSL service, and confirm that it is in effect and where that license comes from. There are two ways to verify this:
• A small padlock image appears in the client's web browser, with the encryption strength next to it, usually 128bit.
• In the site address, the address begins with Https instead of Http as usual.
You can verify this by right-clicking on the page and then going to Properties.

Drawbacks of SSL

The benefits and advantages of SSL can hardly be overstated in providing real solutions to information security problems in transferring data between the client and the server. Still, we agree that every technology has advantages and drawbacks, and the biggest drawbacks of SSL are:

• Verifying the trust certificate and performing decryption on every request puts pressure on the CPU, which raises the load ("LOAD") on the server. Taking a copy of the keys and keeping it each time also consumes a large amount of RAM.
• As mentioned above, SSL supports HTTP, FTP and NNTP. With the variety of ways of browsing the Internet today and the many services offered over the Internet, this limits the benefit of SSL outside the scope of those protocols.
• Because of the need to perform decryption and verification, the architecture and power of small devices, such as handheld devices or mobile phones, cannot sustain those operations continuously.


Useful sites:

• http://www.instantssl.com
• http://www.apache-ssl.org
• http://wp.netscape.com/eng/ssl3/