1. ã¯ããã«ã æ¨æ¥ OpenSSLã®ãã¼ã¸ã§ã³ã¢ãããã¢ãã¦ã³ã¹ãããï¼ã¤ã®èå¼±æ§ãå ¬éããã¾ããããã¼ã¸ã§ã³ã¢ããã®æ°æ¥åã«OpenSSLã®æ¬¡æãªãªã¼ã¹äºåãã¢ãã¦ã³ã¹ããã¦ãã¾ããããã¡ããã© BlackHat éå¬åæ¥ã«ããããã¨ãããããªããã¾ãé大ãªèå¼±æ§ã®ä¿®æ£ãå ¥ãããããªããã¨ãããããã¦ãã¾ãããèãéãã¦ã¿ãã¨HeatBleedç¨ã®å¤§äºã§ã¯ãªããããã²ã¨å®å¿ã§ãã æ¨æ¥å ¬éãããOpenSSLã®ï¼ã¤ã®èå¼±æ§ã®ãã¡ãTLS ãããã³ã«ãã¦ã³ã°ã¬ã¼ãæ»æ (CVE-2014-3511)ã®ä¿®æ£ãè¦ã¦ããã¨ãããããã¯TLSãããã³ã«ãå¦ã¶ããé¡æã«ãªããªãã¨ãµã¨æãã¤ãã試ãã«ãã®Opensslã®èå¼±æ§ã®è©³ç´°ãTLSãããã³ã«ã®åºç¤ã«åããã¦æ¸ãã¦ã¿ã¾ããã ã¡ãã£ã¨é·ãã§ãããTLSãããã³ã«ã®ä»çµã¿ï¼ã®ä¸é¨ï¼ãç¥ãããæ¹ã¯ãèªã¿ãã ããã 2. OpenSSLã®èå¼±æ§
ãã£ãã£ã¼ã»ãã«ãã³éµäº¤æã§ã¯ã両è ï¼ä¸å³ã§ã¯Aliceã¨Bobï¼ãå ¬ééµã¨ç§å¯éµã®çµãçæããå ¬ééµã®ã¿ãç¸æã«éä»ããããäºããæ¬ç©ã®ï¼ãã®ç¹ãé常ã«éè¦ï¼ï¼å ¬ééµãåå¾ã§ããã°ãAliceã¨Bobã¯ãªãã©ã¤ã³ã§å ±æéµãè¨ç®ã§ãããå ±æéµã¯ããã¨ãã°å ±ééµæå·ã®éµã¨ãã¦å©ç¨ã§ããã ãã£ãã£ã¼ã»ãã«ãã³éµå ±æï¼ãã£ãã£ã¼ã»ãã«ãã³ããããããããDiffieâHellman key exchangeãDHï¼ããããã¯ãã£ãã£ã¼ã»ãã«ãã³éµäº¤æï¼ããããããï¼ã¨ã¯ãäºåã®ç§å¯ã®å ±æç¡ãã«ãçè´ã®å¯è½æ§ã®ããéä¿¡è·¯ã使ã£ã¦ãæå·éµã®å ±æãå¯è½ã«ãããå ¬ééµæå·æ¹å¼ã®æå·ãããã³ã«ã§ããããã®éµã¯ãå ±ééµæå·ã®éµã¨ãã¦ä½¿ç¨å¯è½ã§ããã æ¬ãã¼ã¸ã§ã¯æéä½ä¸ã®æ¼ç®ãå©ç¨ãããã£ãã£ã¼ã»ãã«ãã³éµå ±æææ³ãæ±ããæéä½ä¸ã®ãã£ãã£ã¼ã»ãã«ãã³ã®ä»ã«ã¯ãæ¥åæ²ç·ä¸ã®æ¼ç®ãå©ç¨ããæ¥åæ²ç·ãã£ãã£ã¼
ãªãªã¼ã¹ãé害æ å ±ãªã©ã®ãµã¼ãã¹ã®ãç¥ãã
ææ°ã®äººæ°ã¨ã³ããªã¼ã®é ä¿¡
å¦çãå®è¡ä¸ã§ã
j次ã®ããã¯ãã¼ã¯
kåã®ããã¯ãã¼ã¯
lãã¨ã§èªã
eã³ã¡ã³ãä¸è¦§ãéã
oãã¼ã¸ãéã
{{#tags}}- {{label}}
{{/tags}}