Jump to content

Why did KIS 2020 stop using SSL for updates?


Recommended Posts

Esoteric_Moniker
Posted

I thought Kaspersky was supposed to start using SSL for all updates starting with version 2020? It did initially work that way, but now it has gone back to plain HTTP.

 

If you take a look below, 195.122.177.145 does belong to Kaspersky and the connection is via SSL (port 443) but most of the data for this patch (version J) seems to have been downloaded from the other IPs connected via port 80.

KIS 2020 not updating via SSL

 

Igor Kurzin
Posted

Hi, you can configure the product to update only via https, by adding below urls as update source and disabling Kaspersky Lab update servers in Settings → Additional → Update → Select update sources:

 

  • https://s00.upd.kaspersky.com
  • https://s01.upd.kaspersky.com
  • https://s02.upd.kaspersky.com
  • https://s03.upd.kaspersky.com
  • https://s04.upd.kaspersky.com
  • https://s05.upd.kaspersky.com
  • https://s06.upd.kaspersky.com
  • https://s07.upd.kaspersky.com
  • https://s08.upd.kaspersky.com
  • https://s09.upd.kaspersky.com
  • https://s10.upd.kaspersky.com
  • https://s11.upd.kaspersky.com
  • https://s12.upd.kaspersky.com
  • https://s13.upd.kaspersky.com
  • https://s14.upd.kaspersky.com
  • https://s15.upd.kaspersky.com
  • https://s16.upd.kaspersky.com
  • https://s17.upd.kaspersky.com
  • https://s18.upd.kaspersky.com
  • https://s19.upd.kaspersky.com
Esoteric_Moniker
Posted

Thank you, I will give it a try.

 

Any idea why they initially implemented SSL-only updates and then silently removed the feature entirely without any mention of this in release notes?

Wesly.Zhang
Posted

Hello, @Esoteric_Moniker 

This is because not all the CDN acceleration networks support SSL or using self-signed certificate SSL in the world. This may require a transition period.

Regards.

Esoteric_Moniker
Posted

Hello, @Esoteric_Moniker 

This is because not all the CDN acceleration networks support SSL in the world. This may require a transition period.

Regards.

 

Gotcha. That’s what everyone seems to be using these days. I’m assuming the updates are all encrypted/signed and verified anyway. I just don’t want any personally identifiable information transmitted in the open, especially things like license codes, UIDs, hardware info, etc.

Wesly.Zhang
Posted

Hello, @Esoteric_Moniker 

This is because not all the CDN acceleration networks support SSL in the world. This may require a transition period.

Regards.

 

Gotcha. That’s what everyone seems to be using these days. I’m assuming the updates are all encrypted/signed and verified anyway. I just don’t want any personally identifiable information transmitted in the open, especially things like license codes, UIDs, hardware info, etc.


Hello,

Yes, You are right. I agree with you.

Please sign in to comment

You will be able to leave a comment after signing in



Sign In Now


×
×
  • Create New...