Jump to content
Kaspersky Support Forum

Why did KIS 2020 stop using SSL for updates?

Esoteric_Moniker

By Esoteric_Moniker
in Kaspersky Internet Security

 Share

Recommended Posts

Esoteric_Moniker

Esoteric_Moniker

Posted
  • Author
Posted

I thought Kaspersky was supposed to start using SSL for all updates starting with version 2020? It did initially work that way, but now it has gone back to plain HTTP.

 

If you take a look below, 195.122.177.145 does belong to Kaspersky and the connection is via SSL (port 443) but most of the data for this patch (version J) seems to have been downloaded from the other IPs connected via port 80.

KIS 2020 not updating via SSL

 

Igor Kurzin

Igor Kurzin

Posted
Posted

Hi, you can configure the product to update only via https, by adding below urls as update source and disabling Kaspersky Lab update servers in Settings → Additional → Update → Select update sources:

 

  • https://s00.upd.kaspersky.com
  • https://s01.upd.kaspersky.com
  • https://s02.upd.kaspersky.com
  • https://s03.upd.kaspersky.com
  • https://s04.upd.kaspersky.com
  • https://s05.upd.kaspersky.com
  • https://s06.upd.kaspersky.com
  • https://s07.upd.kaspersky.com
  • https://s08.upd.kaspersky.com
  • https://s09.upd.kaspersky.com
  • https://s10.upd.kaspersky.com
  • https://s11.upd.kaspersky.com
  • https://s12.upd.kaspersky.com
  • https://s13.upd.kaspersky.com
  • https://s14.upd.kaspersky.com
  • https://s15.upd.kaspersky.com
  • https://s16.upd.kaspersky.com
  • https://s17.upd.kaspersky.com
  • https://s18.upd.kaspersky.com
  • https://s19.upd.kaspersky.com
Esoteric_Moniker

Esoteric_Moniker

Posted
  • Author
Posted

Thank you, I will give it a try.

 

Any idea why they initially implemented SSL-only updates and then silently removed the feature entirely without any mention of this in release notes?

Wesly.Zhang

Wesly.Zhang

Posted
Posted

Hello, @Esoteric_Moniker 

This is because not all the CDN acceleration networks support SSL or using self-signed certificate SSL in the world. This may require a transition period.

Regards.

Esoteric_Moniker

Esoteric_Moniker

Posted
  • Author
Posted

Hello, @Esoteric_Moniker 

This is because not all the CDN acceleration networks support SSL in the world. This may require a transition period.

Regards.

 

Gotcha. That’s what everyone seems to be using these days. I’m assuming the updates are all encrypted/signed and verified anyway. I just don’t want any personally identifiable information transmitted in the open, especially things like license codes, UIDs, hardware info, etc.

Wesly.Zhang

Wesly.Zhang

Posted
Posted

Hello, @Esoteric_Moniker 

This is because not all the CDN acceleration networks support SSL in the world. This may require a transition period.

Regards.

 

Gotcha. That’s what everyone seems to be using these days. I’m assuming the updates are all encrypted/signed and verified anyway. I just don’t want any personally identifiable information transmitted in the open, especially things like license codes, UIDs, hardware info, etc.


Hello,

Yes, You are right. I agree with you.

Please sign in to comment

You will be able to leave a comment after signing in



Sign In Now
 Share
Go to topic listing


×
×
  • Create New...