{"id":32490,"date":"2021-12-14T18:05:06","date_gmt":"2021-12-14T15:05:06","guid":{"rendered":"https:\/\/www.natro.com\/blog\/?p=32490"},"modified":"2021-12-14T18:05:08","modified_gmt":"2021-12-14T15:05:08","slug":"tls-1-3-nedir-neden-tls-1-3-kullanilmali","status":"publish","type":"post","link":"https:\/\/www.natro.com\/blog\/tls-1-3-nedir-neden-tls-1-3-kullanilmali\/","title":{"rendered":"TLS 1.3 Nedir? | Neden TLS 1.3 Kullan\u0131lmal\u0131?"},"content":{"rendered":"\n<p>G\u00fcn\u00fcm\u00fcze kadar veri \u015fifreleme performans ve h\u0131z y\u00f6n\u00fcnden bekleneni kar\u015f\u0131lam\u0131yordu. TLS 1.3 ile birlikte daha \u00f6nceki versiyonlar\u0131na oranla \u00e7ok daha h\u0131zl\u0131, \u00e7ok daha g\u00fcvenilir ve \u00e7ok daha g\u00fc\u00e7l\u00fc, bir g\u00fcvenlik protokol\u00fc geli\u015ftirildi. TLS 1.3\u2019\u00fc a\u00e7\u0131klamadan \u00f6nce bilmeyenler i\u00e7in TLS kavram\u0131n\u0131 a\u00e7\u0131klayal\u0131m.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-tls-nedir\"><span id=\"tls-nedir\"><strong>TLS Nedir?<\/strong><\/span><\/h2>\n\n\n\n<p>\u0130ngilizcesi \u201cTransport Layer Security\u201d olan TLS, T\u00fcrk\u00e7esi ile Ta\u015f\u0131ma katman\u0131 g\u00fcvenli\u011fi, g\u00fcn\u00fcm\u00fczde yayg\u0131n olarak kullan\u0131lan bir protokold\u00fcr. Asimetrik bir \u015fifreleme algoritmas\u0131 kullanarak, aktar\u0131lan kimlik bilgilerinin do\u011frulanmas\u0131nda kullan\u0131l\u0131r. Veriler aktar\u0131l\u0131rken g\u00fcvenlik sorunlar\u0131n\u0131 a\u015fmak i\u00e7in geli\u015ftirilen TLS, iki cihaz aras\u0131nda kurulan ileti\u015fimin g\u00fcvenli \u015fekilde tamamlanmas\u0131n\u0131 sa\u011flayan bir a\u011f protokol\u00fcd\u00fcr.<\/p>\n\n\n\n<p>\u0130lk olarak 1999 y\u0131l\u0131nda geli\u015ftirilen protokol, veri b\u00fct\u00fcnl\u00fc\u011f\u00fc ve veri gizlili\u011fini sa\u011flar. Netscape\u2018in SSL g\u00fcvenlik protokol\u00fcnden evrimle\u015ftirilerek geli\u015ftirilen TLS, web siteleri aras\u0131ndaki\u00a0g\u00fcvenli ileti\u015fimi sa\u011flar. Al\u0131c\u0131 ile istemci aras\u0131nda verilerin \u015fifreleme i\u015flemlerini ger\u00e7ekle\u015ftirir. TLS, SSL ile birlikte\u00a0HTTPS\u2019in g\u00fcvenlik temelini olu\u015fturan protokollerdir. TLS kimlik do\u011frulama i\u015flemi yapt\u0131\u011f\u0131, daha g\u00fcvenli ve daha yeni algoritmay\u0131 destekledi\u011fi ve SSL ile birlikte \u00e7al\u0131\u015fmad\u0131\u011f\u0131 i\u00e7in SSL\u2019in yerini alm\u0131\u015ft\u0131r.<\/p>\n\n\n\n<p>TLS; TLS kay\u0131t protokol\u00fc (TLS record protocol) ve TLS el s\u0131k\u0131\u015fma protokol\u00fc (TLS handshake protocol) olmak \u00fczere iki katmandan olu\u015fur. TLS Record protocol ba\u011flant\u0131n\u0131n g\u00fcvenli olmas\u0131 sa\u011flar. TLS handshake protocol ise\u00a0kullan\u0131c\u0131 ve sunucular\u0131n kimlik do\u011frulamalar\u0131n\u0131n yap\u0131ld\u0131\u011f\u0131 protokold\u00fcr. Veri ileti\u015fimi yap\u0131lmadan hemen \u00f6nce \u015fifreleme algoritmalar\u0131n\u0131 kullanarak, \u015fifreleme anahtarlar\u0131na izin verir.<\/p>\n\n\n\n<p>G\u00fcnl\u00fck ya\u015fam\u0131m\u0131zda fark\u0131nda olmasak da TLS, a\u011f \u00fczerinden VoIP (IP \u00fczerinden ses iletimi), anl\u0131k mesajla\u015fma, VPN ba\u011flant\u0131lar\u0131 gibi i\u015flemlerin internet uygulamalar\u0131nda ya da taray\u0131c\u0131lar\u0131nda g\u00fcvenli bir \u015fekilde yap\u0131lmas\u0131n\u0131 sa\u011flar. TLS kullan\u0131l\u0131rken URL bar\u0131ndaki g\u00fcvenli web sayfalar\u0131n\u0131n t\u00fcm\u00fc \u201chttps:\/\/\u201d ile ba\u015flar.<\/p>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\"><p>TLS nedir, ne i\u015fe yarar ayr\u0131nt\u0131l\u0131 olarak \u00f6\u011frenmek isterseniz <strong><a href=\"https:\/\/www.natro.com\/blog\/transport-layer-security-tls-nedir\/?utm_campaign=content&utm_medium=icerik&utm_source=hosting-blog&utm_content=\/blog\/tls-1-3-nedir-neden-tls-1-3-kullanilmali\">bu<\/a><a href=\"https:\/\/www.natro.com\/blog\/transport-layer-security-tls-nedir\/?utm_campaign=content&utm_medium=icerik&utm_source=hosting-blog&utm_content=\/blog\/tls-1-3-nedir-neden-tls-1-3-kullanilmali\" target=\"_blank\" rel=\"noreferrer noopener\">r<\/a><a href=\"https:\/\/www.natro.com\/blog\/transport-layer-security-tls-nedir\/?utm_campaign=content&utm_medium=icerik&utm_source=hosting-blog&utm_content=\/blog\/tls-1-3-nedir-neden-tls-1-3-kullanilmali\">aya<\/a> <\/strong>t\u0131klayabilirsiniz.<\/p><\/blockquote>\n\n\n\n<h2 id=\"tlsin-ozellikleri-nelerdir\" class=\"wp-block-heading\"><strong>TLS\u2019in \u00d6zellikleri Nelerdir?<\/strong><\/h2>\n\n\n\n<p>Bir g\u00fcvenlik protokol\u00fc olan TLS\u2019in \u00f6zellikleri a\u015fa\u011f\u0131da maddeler halinde s\u0131ralanm\u0131\u015ft\u0131r.\u00a0<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Sunucular (server) ile taray\u0131c\u0131lar (browser) aras\u0131ndaki haberle\u015fmenin g\u00fcvenli bir \u015fekilde ger\u00e7ekle\u015fmesini sa\u011flar.<\/li><li>Veri \u015fifrelemesinde POP3, FTP, HTTPS, SMTP gibi protokollerin bir\u00e7o\u011fu taraf\u0131ndan desteklenir.\u00a0<\/li><li>Anahtar (key) \u00fczerinden verileri \u015fifrelemek i\u00e7in asimetrik kriptografi (asymmetric cryptography) algoritmas\u0131n\u0131 kullan\u0131r.<\/li><\/ul>\n\n\n\n<figure class=\"wp-block-image size-large\"><img decoding=\"async\" width=\"1024\" height=\"681\" src=\"https:\/\/www.natro.com\/blog\/wp-content\/uploads\/2021\/12\/dreamstime_m_231279175-1024x681.jpg\" alt=\"\" class=\"wp-image-32443\" srcset=\"https:\/\/www.natro.com\/blog\/wp-content\/uploads\/2021\/12\/dreamstime_m_231279175-1024x681.jpg 1024w, https:\/\/www.natro.com\/blog\/wp-content\/uploads\/2021\/12\/dreamstime_m_231279175-300x199.jpg 300w, https:\/\/www.natro.com\/blog\/wp-content\/uploads\/2021\/12\/dreamstime_m_231279175-768x511.jpg 768w, https:\/\/www.natro.com\/blog\/wp-content\/uploads\/2021\/12\/dreamstime_m_231279175-1536x1021.jpg 1536w, https:\/\/www.natro.com\/blog\/wp-content\/uploads\/2021\/12\/dreamstime_m_231279175-2048x1361.jpg 2048w, https:\/\/www.natro.com\/blog\/wp-content\/uploads\/2021\/12\/dreamstime_m_231279175-270x180.jpg 270w, https:\/\/www.natro.com\/blog\/wp-content\/uploads\/2021\/12\/dreamstime_m_231279175-370x245.jpg 370w, https:\/\/www.natro.com\/blog\/wp-content\/uploads\/2021\/12\/dreamstime_m_231279175.jpg 2124w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<h2 id=\"tls-1-3-nedir\" class=\"wp-block-heading\"><strong>TLS 1.3 Nedir<\/strong>?<\/h2>\n\n\n\n<p>\u0130nternette dola\u015f\u0131rken, baz\u0131 sitelerin URL\u2019lerinin HTTP ile ba\u015flad\u0131\u011f\u0131n\u0131, baz\u0131lar\u0131n\u0131n da HTTPS ile ba\u015flad\u0131\u011f\u0131n\u0131 fark etmi\u015fsinizdir. \u201cAralar\u0131nda ne fark var?\u201d diye de d\u00fc\u015f\u00fcnm\u00fc\u015f olabilirsiniz. \u0130lk bak\u0131\u015fta aralar\u0131ndaki tek fark \u201cS\u201d harfidir. Ancak bu \u00f6nemli bir farkt\u0131r. Buradaki \u201cS\u201d \u0130ngilizce g\u00fcvenlik anlam\u0131na gelen \u201cSecurity\u201d kelimesinin ba\u015f harfidir. Bu da HTTPS sitesine sunucu ile istemci aras\u0131ndan iletilen her bilginin \u015fifrelenece\u011fi yani, ba\u011flant\u0131n\u0131z\u0131n g\u00fcvenli oldu\u011fu anlam\u0131na gelir.<\/p>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\"><p>HTTPS nedir ve nas\u0131l \u00e7al\u0131\u015ft\u0131\u011f\u0131n\u0131 ayr\u0131nt\u0131l\u0131 olarak \u00f6\u011frenmek i\u00e7in\u00a0<strong><a href=\"https:\/\/www.natro.com\/blog\/https-nedir-https-nasil-calisir\/?utm_campaign=content&utm_medium=icerik&utm_source=hosting-blog&utm_content=\/blog\/tls-1-3-nedir-neden-tls-1-3-kullanilmali\" target=\"_blank\" rel=\"noreferrer noopener\">buraya<\/a><\/strong>\u00a0t\u0131klayabilirsiniz.<\/p><\/blockquote>\n\n\n\n<p>Herhangi bir web sitesi g\u00fcvenli hale getirilmek istenirse SSL \/ TLS sertifikalar\u0131n\u0131n y\u00fcklenmesi gerekir. Bu sertifikalar kullan\u0131ld\u0131\u011f\u0131nda, \u00e7e\u015fitli mekanizmalar sayesinde transit bilgileri \u015fifreler ve b\u00f6ylece herhangi bir kurcalama ile veri h\u0131rs\u0131zl\u0131\u011f\u0131n\u0131 engeller. Bunlar veri \u015fifrelemesinden sorumlu olan \u015fifreleri ve algoritmalar\u0131 i\u00e7eren protokollerdir. TLS ailesinin 4. versiyonu TLS 1.3\u2019t\u00fcr. TLS 1.3, TLS\u2019in son s\u00fcr\u00fcm\u00fcd\u00fcr. Kriptografik sistem \u00fczerinde aktif olarak \u00e7al\u0131\u015fan CDN m\u00fchendisleri ve The Internet Engineering Task Force (IETF) grubu taraf\u0131ndan 4 y\u0131lda geli\u015ftirilmi\u015ftir.<\/p>\n\n\n\n<p>TLS 1.3 i\u00e7in \u00e7al\u0131\u015fmalar 2014 y\u0131l\u0131nda ba\u015flad\u0131. Onaylanmadan \u00f6nce \u00e7ok say\u0131da taslak geli\u015ftirildi. Bu s\u00fcre\u00e7te bir\u00e7ok kez dizayn edildi. TLS 1.3\u2019te s\u0131kl\u0131kla meydana gelen ba\u011flant\u0131 kopmalar\u0131ndan dolay\u0131 pek \u00e7ok ara katman, g\u00fcvenlik kutusu \u00e7al\u0131\u015fmalar\u0131n\u0131 y\u00fcr\u00fctemedi. Ancak TLS ara\u00e7 kitlerinden biri\u00a0TLS 1.3\u2019\u00fc destekler niteliktedir. Open SSL (1.1.1) TLS 1.3\u2019\u00fc destekler. TLS, TLS 1.3 protokol\u00fcn\u00fc h\u0131z ve g\u00fcvenlik katma amac\u0131yla piyasaya s\u00fcrd\u00fc.<\/p>\n\n\n\n<p>TLS 1.3, eski s\u00fcr\u00fcm\u00fcnden iki sene sonra daha g\u00fcvenli ve daha h\u0131zl\u0131 olarak piyasaya s\u00fcr\u00fcld\u00fc. Amac\u0131 TLS ve di\u011fer s\u00fcr\u00fcmleri gibi tek hedefe odaklanm\u0131\u015ft\u0131r: \u0130ki cihaz aras\u0131nda ger\u00e7ekle\u015fecek olan ileti\u015fimin g\u00fcvenli\u011fini sa\u011flamaya yarayan bir a\u011f protokol\u00fc geli\u015ftirmek.\u00a0TLS 1.3, 2018 y\u0131l\u0131nda kullan\u0131lmaya ba\u015fland\u0131. Ancak bir\u00e7ok kullan\u0131c\u0131 bu protokolden haberdar olmad\u0131.\u00a0<\/p>\n\n\n\n<h3 id=\"tls-1-3-ile-guvenlik-iyilestirmeleri-nelerdir\" class=\"wp-block-heading\"><strong>TLS 1.3 ile G\u00fcvenlik \u0130yile\u015ftirmeleri Nelerdir?<\/strong><\/h3>\n\n\n\n<p>Heartbleed ve POODLE gibi g\u00fcvenlik a\u00e7\u0131klar\u0131 ile k\u0131sa s\u00fcre \u00f6nce ke\u015ffedilen ROBOT sald\u0131r\u0131s\u0131 herkese, d\u00fcnyan\u0131n d\u00f6rt bir yan\u0131ndaki milyonlarca kullan\u0131c\u0131y\u0131 g\u00fcvenlik a\u00e7\u0131klar\u0131n\u0131n sabitlenmesinin nas\u0131l etkileyebilece\u011fini g\u00f6sterdi. TLS 1.3, TLS 1.2\u2019de mevcut olan g\u00fcvensizlikleri ortadan kald\u0131r\u0131r. TLS 1.3\u2019ten bir \u00f6nceki s\u00fcr\u00fcm olan TLS 1.2, g\u00fcvensiz algoritmalar, g\u00fcvensiz protokoller ve g\u00fcvensiz \u015fifrelerden olu\u015fur. Sald\u0131r\u0131ya u\u011frama ihtimaliniz az olaca\u011f\u0131 i\u00e7in endi\u015felenmenize gerek olmasa da bu protokol\u00fcn istismar edilemeyece\u011fi anlam\u0131n\u0131 ta\u015f\u0131maz. Sald\u0131rganlar TLS 1.2\u2019nin g\u00fcvensiz b\u00f6l\u00fcmlerinden faydalanarak bir indirme sald\u0131r\u0131s\u0131 ger\u00e7ekle\u015ftirebilir. TLS 1.3, eski protokolleri ve \u015fifreleri kademeli olarak de\u011fi\u015ftirdi\u011fi i\u00e7in sald\u0131r\u0131 olana\u011f\u0131n\u0131 ortadan kald\u0131r\u0131r. TLS 1.3\u2019te kesilen pek \u00e7ok \u015fifre algoritmas\u0131 bulunur. Bunlardan baz\u0131lar\u0131 a\u015fa\u011f\u0131da s\u0131ralanm\u0131\u015ft\u0131r.<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>RSA,<\/li><li>RC4 \u015eifresi,<\/li><li>SHA-1 Karma Fonksiyonu,<\/li><li>MD5 Algoritmas\u0131,<\/li><li>DES,<\/li><li>3DES,<\/li><li>\u00c7e\u015fitli Diffie-Hellman,<\/li><li>CBC Modu \u015eifreleri.<\/li><\/ul>\n\n\n\n<h2 id=\"tls-1-3un-ozellikleri-nelerdir\" class=\"wp-block-heading\"><strong>TLS 1.3\u2019\u00fcn \u00d6zellikleri Nelerdir?<\/strong><\/h2>\n\n\n\n<figure class=\"wp-block-image size-large\"><img decoding=\"async\" width=\"1024\" height=\"732\" src=\"https:\/\/www.natro.com\/blog\/wp-content\/uploads\/2021\/12\/dreamstime_m_188776257-1024x732.jpg\" alt=\"\" class=\"wp-image-32440\" srcset=\"https:\/\/www.natro.com\/blog\/wp-content\/uploads\/2021\/12\/dreamstime_m_188776257-1024x732.jpg 1024w, https:\/\/www.natro.com\/blog\/wp-content\/uploads\/2021\/12\/dreamstime_m_188776257-300x214.jpg 300w, https:\/\/www.natro.com\/blog\/wp-content\/uploads\/2021\/12\/dreamstime_m_188776257-768x549.jpg 768w, https:\/\/www.natro.com\/blog\/wp-content\/uploads\/2021\/12\/dreamstime_m_188776257-1536x1097.jpg 1536w, https:\/\/www.natro.com\/blog\/wp-content\/uploads\/2021\/12\/dreamstime_m_188776257.jpg 2048w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p>TLS\u2019in son s\u00fcr\u00fcm\u00fc olan TLS 1.3 bir\u00e7ok \u00f6zelli\u011fi ile kullan\u0131c\u0131lara avantajlar sunar. Sunucu ve istemci ba\u011flant\u0131 kurmak i\u00e7in gerekli olan\u00a0RTT (Round Trip Time) s\u00fcresini d\u00fc\u015f\u00fcr\u00fcr. Bu sayede web sitelerinde olu\u015fabilecek gecikmeleri azalt\u0131r. TLS 1.3 protokol\u00fcne yeni dijital imza algoritmalar\u0131 eklenmi\u015ftir. TLS 1.3 ile birlikte 0-RTT Record (kay\u0131t) ve\u00a01 \u2013 RTT Handshake (El S\u0131k\u0131\u015fma) i\u00e7in ilk destek verilmi\u015ftir. Bu sayede Cedexis \u00f6l\u00e7\u00fcmlerine g\u00f6re CDN hizmet h\u0131z\u0131 bak\u0131m\u0131ndan bir\u00e7ok Avrupa \u00fclkesinde ve T\u00fcrkiye\u2019de en \u00fcst s\u0131rada yer alan Medianova i\u00e7in bile 1-RTT Handshake (El S\u0131k\u0131\u015fma) azalt\u0131lmas\u0131 performans\u0131 ve verimlili\u011fi b\u00fcy\u00fck oranda art\u0131racakt\u0131r. TLS 1.3, son teknolojiyi kullanarak g\u00fcvenli\u011fi art\u0131r\u0131rken, gecikme s\u00fcresini azaltarak performans verimlili\u011fini art\u0131r\u0131r.<\/p>\n\n\n\n<h2 id=\"tls-1-3-kullanmanin-faydalari-nelerdir\" class=\"wp-block-heading\"><strong>TLS 1.3 Kullanman\u0131n Faydalar\u0131 Nelerdir?<\/strong><\/h2>\n\n\n\n<p>TLS\u2019in son s\u00fcr\u00fcm\u00fc TLS 1.3\u2019ten \u00f6ncesi bir\u00e7ok bak\u0131mdan eksiklik bar\u0131nd\u0131r\u0131r. Sertifika kontrolleri, \u015fifreleme s\u0131k\u0131nt\u0131lar\u0131 yani genel anlamda \u201cg\u00fcvenlik\u201d problemleri denebilir. Hatta daha da ileriye giderek siber sald\u0131rganlar\u0131n a\u011f trafi\u011finizi g\u00f6zetledi\u011fi bir noktaya da var\u0131lmaktayd\u0131. \u0130\u015flem h\u0131z\u0131ndaki d\u00fc\u015f\u00fckl\u00fck de bir eksiklik olarak say\u0131labilir. TLS 1.3 say\u0131lan t\u00fcm bu alanlar\u0131 de\u011fi\u015ftiren \u00e7ok daha g\u00fcvenli bir protokold\u00fcr.<\/p>\n\n\n\n<p>Eski s\u00fcr\u00fcmlerdeki kriptografi anlam\u0131nda \u015fifrelerin (SHA1, CBC, RC4, MD5, gibi) zay\u0131f olmas\u0131, siber sald\u0131r\u0131lara a\u00e7\u0131k oldu\u011funuz anlam\u0131na gelirdi. Sald\u0131rganlar\u0131n kaydedilen trafi\u011fin \u015fifresini \u00e7\u00f6zmesi i\u00e7in \u00f6zel anahtara eri\u015fim sa\u011flamalar\u0131 engellenememe durumunu ortaya \u00e7\u0131kar\u0131yordu. TLS 1.3 ile birlikte kulland\u0131\u011f\u0131 asimetrik \u015fifreleme algoritmas\u0131ndan dolay\u0131 g\u00fcvenli\u011fi d\u00fc\u015f\u00fck olan bu \u015fifrelemeler, yerlerini daha g\u00fcvenli ve modern \u00e7\u00f6z\u00fcmlerle de\u011fi\u015ftirerek g\u00fcvenli\u011fi sa\u011flad\u0131lar.<\/p>\n\n\n\n<p>TLS 1.3\u2019teki bir di\u011fer de\u011fi\u015fiklik ise TLS \u201chandshake\u201d s\u00fcrecindeki belirgin h\u0131z art\u0131\u015f\u0131d\u0131r. TLS\u2019in \u00f6nceki versiyonlar\u0131nda kullan\u0131lan geleneksel olarak yap\u0131lan\u00a0\u015fifreleme i\u015flemleri, fazla gecikme ve CPU ihtiyac\u0131na yol a\u00e7m\u0131\u015ft\u0131r. TSL 1.3, handshake protokol\u00fc i\u00e7in gereken paket say\u0131s\u0131n\u0131 0 \u2013 3 aras\u0131na d\u00fc\u015f\u00fcrm\u00fc\u015ft\u00fcr. Bu sayede hassas ve h\u0131zl\u0131 bir ba\u011flant\u0131 sa\u011flaman\u0131n \u00f6n\u00fcn\u00fc a\u00e7m\u0131\u015ft\u0131r.<\/p>\n\n\n\n<h2 id=\"tls-1-3in-tls-1-2e-gore-ustunlugu-nedir\" class=\"wp-block-heading\"><strong>TLS 1.3\u2019in TLS 1.2\u2019e G\u00f6re \u00dcst\u00fcnl\u00fc\u011f\u00fc Nedir?<\/strong><\/h2>\n\n\n\n<p>TLS 1.2\u2019ye g\u00f6re TLS 1.3 \u00e7ok daha h\u0131zl\u0131 bir servis hizmeti ve geli\u015fmi\u015f g\u00fcvenlik hizmeti sunar. TLS 1.2 \u015fifrelenmi\u015f ba\u011flant\u0131lar ile ekstra y\u00fck\u00a0olu\u015ftururken, TLS 1.3 \u015fifrelenen ba\u011flant\u0131lar\u0131 h\u0131zland\u0131rmaya yard\u0131mc\u0131 olur. Basit bir \u015fekilde handshake i\u00e7in TLS 1.2\u2019de 2 Round Trip gerekirken, TLS 1.3\u2019de yaln\u0131zca tek 1 Round bu i\u015flem i\u00e7in yeterlidir. Gecikmeler %50 oran\u0131nda azal\u0131rken, performans artar.<\/p>\n\n\n\n<p>TLS 1.3\u2019\u00fcn TLS 1.2\u2019den bir di\u011fer fark\u0131 ise daha \u00f6nce ziyaret edilen web sitelerine, site y\u00fcklenmesinde gerekli olan veriler ilk mesaj ile g\u00f6nderilir. Bu i\u015flem tek seferde ger\u00e7ekle\u015ftirildi\u011fi i\u00e7in \u201chandshake\u201d amac\u0131yla ayr\u0131 bir RTT gecikmesi de meydana gelmez. Dolay\u0131s\u0131yla internet sitelerinin y\u00fcklenme h\u0131z\u0131 artm\u0131\u015f olur. TLS 1.2\u2019ye ait konfig\u00fcrasyonlar\u0131n uygun \u015fekilde yap\u0131lamamas\u0131 internet sitelerinin sald\u0131r\u0131lara kar\u015f\u0131 savunmas\u0131z kalmas\u0131na sebep olmu\u015ftur. Bu sebeple TLS 1.2\u2019den SHA-1, RC4, DES, 3DES, AES-CBC,MD5 gibi eski ve g\u00fcvenli\u00a0olmayan algoritmalar kald\u0131r\u0131lm\u0131\u015ft\u0131r. TLS 1.3 ile birlikte protokol daha basit bir yap\u0131ya kavu\u015fturularak, geli\u015ftirici ve y\u00f6neticilerin protokol\u00fc do\u011fru bir \u015fekilde yap\u0131land\u0131rmas\u0131 sa\u011flanm\u0131\u015ft\u0131r.<\/p>\n\n\n\n<p>TLS 1.3 ile daha az kullan\u0131lan ve zay\u0131f olan eliptik e\u011frilere olan destek kald\u0131r\u0131lm\u0131\u015ft\u0131r. \u00d6nceki formlar kullan\u0131lacak olsa bile dijital imza gerekli k\u0131l\u0131nm\u0131\u015ft\u0131r. TLS 1.3\u2019e Hash kullan\u0131m\u0131 entegre edilmi\u015ftir. Geriye d\u00f6n\u00fck uyumluluk i\u00e7in numara dondurulmu\u015f ve katman versiyon numara kayd\u0131 kullan\u0131mdan kald\u0131r\u0131lm\u0131\u015ft\u0131r. Anla\u015fma tekrar\u0131, s\u0131k\u0131\u015ft\u0131rma, PFS olmayan anahtar de\u011fi\u015fimi, AEAD olmayan \u015fifrelemeler, kar\u015f\u0131lama mesaj\u0131ndaki UNIX zaman\u0131 gibi eskimi\u015f ve g\u00fcvenli olmayan \u00f6zelliklere olan destek kald\u0131r\u0131lm\u0131\u015ft\u0131r.<\/p>\n\n\n\n<h2 id=\"tls-1-3e-nasil-gecilir\" class=\"wp-block-heading\"><strong>TLS 1.3\u2019e Nas\u0131l Ge\u00e7ilir?<\/strong><\/h2>\n\n\n\n<p>TLS 1.3, Firefox ve Google Chrome taraf\u0131ndan desteklenir. Edge ve Safari gibi taray\u0131c\u0131lar i\u00e7in ise geli\u015ftirme a\u015famas\u0131ndad\u0131r.\u00a0TLS 1.3\u2019\u00fc Google Chrome\u2019da aktif h\u00e2le getirmek i\u00e7in a\u015fa\u011f\u0131daki yollar izlenebilir.<\/p>\n\n\n\n<p>1- Adres \u00e7ubu\u011funa gidilir. \u201cChrome:\/\/flags\u201d yaz\u0131l\u0131p \u201center\u201d tu\u015funa bas\u0131l\u0131r.<\/p>\n\n\n\n<p>2- TLS 1.3 aran\u0131p bulunduktan sonra aktif (enable) hale getirilir.<\/p>\n\n\n\n<p>3- Google Chrome\u2019un yeniden ba\u015flat\u0131lmas\u0131 gerekir.\u00a0(Google Chrome ile bir sonraki ba\u015flang\u0131c\u0131nda, de\u011fi\u015fikli\u011fin ge\u00e7erli oldu\u011funu g\u00f6steren bir mesaj sizi kar\u015f\u0131lar.)<\/p>\n\n\n\n<p>TLS 1.3\u2019\u00fc aktif h\u00e2le getirdikten sonra\u00a0TLS 1.3\u2019\u00fcn aktif oldu\u011fu bir site HTTPS \u00fczerinde ziyaret edilir. Daha sonra a\u015fa\u011f\u0131daki i\u015flemler s\u0131ras\u0131yla ger\u00e7ekle\u015ftirilir.\u00a0<\/p>\n\n\n\n<p>1- Google Chrome\u2019un \u201cgeli\u015ftirici ara\u00e7lar\u201d sekmesi a\u00e7\u0131l\u0131r.<\/p>\n\n\n\n<p>2- G\u00fcvenlik kutucu\u011funa t\u0131klan\u0131r. Sayfa yeniden y\u00fcklenir. A\u00e7\u0131lan pencerede \u201cmain origin\u201de t\u0131klan\u0131r.<\/p>\n\n\n\n<p>3- Sa\u011f tarafta \u00e7\u0131kan tabloda TLS 1.3\u2019\u00fcn listelendi\u011fi kontrol edilir.<\/p>\n\n\n\n<h2 id=\"tls-1-3u-denetlemenin-faydalari-nelerdir\" class=\"wp-block-heading\"><strong>TLS 1.3\u2019\u00fc Denetlemenin Faydalar\u0131 Nelerdir?<\/strong><\/h2>\n\n\n\n<figure class=\"wp-block-image size-large\"><img decoding=\"async\" width=\"1024\" height=\"439\" src=\"https:\/\/www.natro.com\/blog\/wp-content\/uploads\/2021\/12\/dreamstime_m_232430906-1024x439.jpg\" alt=\"\" class=\"wp-image-32442\" srcset=\"https:\/\/www.natro.com\/blog\/wp-content\/uploads\/2021\/12\/dreamstime_m_232430906-1024x439.jpg 1024w, https:\/\/www.natro.com\/blog\/wp-content\/uploads\/2021\/12\/dreamstime_m_232430906-300x129.jpg 300w, https:\/\/www.natro.com\/blog\/wp-content\/uploads\/2021\/12\/dreamstime_m_232430906-768x329.jpg 768w, https:\/\/www.natro.com\/blog\/wp-content\/uploads\/2021\/12\/dreamstime_m_232430906-1536x658.jpg 1536w, https:\/\/www.natro.com\/blog\/wp-content\/uploads\/2021\/12\/dreamstime_m_232430906-2048x878.jpg 2048w, https:\/\/www.natro.com\/blog\/wp-content\/uploads\/2021\/12\/dreamstime_m_232430906-scaled.jpg 2560w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p>TLS\u2019yi denetlemenin en \u00f6nemli yarar\u0131 g\u00fcvenli\u011fin sa\u011flanmas\u0131d\u0131r. Denetleme yap\u0131lmamas\u0131 durumunda a\u011f trafi\u011finin %75\u2019inin, NGFW (Next Generation Firewall)\u00a0yani Yeni Nesil G\u00fcvenlik Duvar\u0131ndan beklenmedik bir \u015fekilde ge\u00e7ece\u011fi i\u00e7in sald\u0131r\u0131 ile ilgili b\u00fcy\u00fck bir a\u00e7\u0131k meydana gelir. Fortinet\u2019in tehdit raporunda, verileri \u00e7almak ve k\u00f6t\u00fc ama\u00e7l\u0131 kodlar\u0131 gizlemek i\u00e7in TLS trafi\u011finde ilk 20 istismar\u0131n %20\u2019sinin kullan\u0131ld\u0131\u011f\u0131 belirtiliyor.<\/p>\n\n\n\n<p>TLS denetimi yapacak \u00e7\u00f6z\u00fcmlere olan ihtiya\u00e7, TLS trafi\u011fini tehditlere kar\u015f\u0131 koruyabilmek i\u00e7in gereklidir. Denetimin olumlu bir \u015fekilde fayda sa\u011flayabilmesi i\u00e7in TLS 1,3\u2019\u00fc tam anlam\u0131yla desteklemesi gerekir. Ta\u015f\u0131ma katman\u0131 g\u00fcvenli\u011fi (TLS), g\u00fcvenli haberle\u015fmeyi sa\u011flamak amac\u0131yla tasarlanan kriptolama protokolleridir. X.509 sertifikas\u0131 kulland\u0131klar\u0131 i\u00e7in kar\u015f\u0131 tarafla ileti\u015fim kuracaklar\u0131 zaman \u201casimetrik \u015fifreleme\u201d yap\u0131l\u0131r. Ve sadece bir simetrik anahtar \u00fczerinde anla\u015f\u0131l\u0131r. Bu ileti\u015fimde kullan\u0131lan anahtar, daha sonra ki\u015filer aras\u0131ndaki veri ak\u0131\u015f\u0131n\u0131 \u015fifrelemek i\u00e7in kullan\u0131l\u0131r. Bu, veri \/ mesaj gizlili\u011fine ve mesaj do\u011frulama kodlar\u0131 i\u00e7in mesaj b\u00fct\u00fcnl\u00fc\u011f\u00fcne izin verir.<\/p>\n\n\n\n<p>TLS 1.3 ve di\u011fer versiyonlar elektronik mail, a\u011f tarama, internet \u00fczerinden faks, internet \u00fczerinden sesli mesajla\u015fma ve anl\u0131k mesajla\u015fma gibi pek \u00e7ok uygulamada yayg\u0131n olarak kullan\u0131l\u0131r. Bu sebeple k\u0131sa s\u00fcreli olan oturum anahtar\u0131, uzun s\u00fcreli olan gizli simetrik anahtardan t\u00fcretilemez. Web taray\u0131c\u0131lar\u0131nda herhangi bir yerde asma kilit g\u00f6r\u00fclmesi, o siteye yap\u0131lan ba\u011flant\u0131n\u0131n TLS ile \u015fifreli oldu\u011funu g\u00f6sterir. Baz\u0131 web taray\u0131c\u0131lar\u0131nda asma kilit \u00fczerine t\u0131kland\u0131\u011f\u0131nda, TLS sertifikas\u0131n\u0131n kimden al\u0131nd\u0131\u011f\u0131, ge\u00e7erlilik s\u00fcresi, sitenin a\u00e7\u0131k anahtar de\u011feri, versiyon bilgisi ve \u00f6zet algoritmas\u0131 gibi bilgiler de g\u00f6r\u00fcnt\u00fclenebilir. Siz de TLS 1.3 denetlemesi yaparak sitenizin daha g\u00fcvenli olmas\u0131n\u0131 sa\u011flayabilirsiniz.<\/p>\n","protected":false},"excerpt":{"rendered":"G\u00fcn\u00fcm\u00fcze kadar veri \u015fifreleme performans ve h\u0131z y\u00f6n\u00fcnden bekleneni kar\u015f\u0131lam\u0131yordu. TLS 1.3 ile birlikte daha \u00f6nceki versiyonlar\u0131na oranla&hellip;\n","protected":false},"author":7,"featured_media":32492,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[808],"tags":[],"class_list":{"0":"post-32490","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-ssl-sertifikasi"},"_links":{"self":[{"href":"https:\/\/www.natro.com\/blog\/wp-json\/wp\/v2\/posts\/32490","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.natro.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.natro.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.natro.com\/blog\/wp-json\/wp\/v2\/users\/7"}],"replies":[{"embeddable":true,"href":"https:\/\/www.natro.com\/blog\/wp-json\/wp\/v2\/comments?post=32490"}],"version-history":[{"count":1,"href":"https:\/\/www.natro.com\/blog\/wp-json\/wp\/v2\/posts\/32490\/revisions"}],"predecessor-version":[{"id":32493,"href":"https:\/\/www.natro.com\/blog\/wp-json\/wp\/v2\/posts\/32490\/revisions\/32493"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.natro.com\/blog\/wp-json\/wp\/v2\/media\/32492"}],"wp:attachment":[{"href":"https:\/\/www.natro.com\/blog\/wp-json\/wp\/v2\/media?parent=32490"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.natro.com\/blog\/wp-json\/wp\/v2\/categories?post=32490"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.natro.com\/blog\/wp-json\/wp\/v2\/tags?post=32490"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}