Jump to content

Why did KIS 2020 stop using SSL for updates?


Esoteric_Moniker

Recommended Posts

Esoteric_Moniker

I thought Kaspersky was supposed to start using SSL for all updates starting with version 2020? It did initially work that way, but now it has gone back to plain HTTP.

 

If you take a look below, 195.122.177.145 does belong to Kaspersky and the connection is via SSL (port 443) but most of the data for this patch (version J) seems to have been downloaded from the other IPs connected via port 80.

KIS 2020 not updating via SSL

 

Link to comment
Share on other sites

Igor Kurzin

Hi, you can configure the product to update only via https, by adding below urls as update source and disabling Kaspersky Lab update servers in Settings → Additional → Update → Select update sources:

 

  • https://s00.upd.kaspersky.com
  • https://s01.upd.kaspersky.com
  • https://s02.upd.kaspersky.com
  • https://s03.upd.kaspersky.com
  • https://s04.upd.kaspersky.com
  • https://s05.upd.kaspersky.com
  • https://s06.upd.kaspersky.com
  • https://s07.upd.kaspersky.com
  • https://s08.upd.kaspersky.com
  • https://s09.upd.kaspersky.com
  • https://s10.upd.kaspersky.com
  • https://s11.upd.kaspersky.com
  • https://s12.upd.kaspersky.com
  • https://s13.upd.kaspersky.com
  • https://s14.upd.kaspersky.com
  • https://s15.upd.kaspersky.com
  • https://s16.upd.kaspersky.com
  • https://s17.upd.kaspersky.com
  • https://s18.upd.kaspersky.com
  • https://s19.upd.kaspersky.com
Link to comment
Share on other sites

Esoteric_Moniker

Thank you, I will give it a try.

 

Any idea why they initially implemented SSL-only updates and then silently removed the feature entirely without any mention of this in release notes?

Link to comment
Share on other sites

Wesly.Zhang

Hello, @Esoteric_Moniker 

This is because not all the CDN acceleration networks support SSL or using self-signed certificate SSL in the world. This may require a transition period.

Regards.

Link to comment
Share on other sites

Esoteric_Moniker

Hello, @Esoteric_Moniker 

This is because not all the CDN acceleration networks support SSL in the world. This may require a transition period.

Regards.

 

Gotcha. That’s what everyone seems to be using these days. I’m assuming the updates are all encrypted/signed and verified anyway. I just don’t want any personally identifiable information transmitted in the open, especially things like license codes, UIDs, hardware info, etc.

Link to comment
Share on other sites

Wesly.Zhang

Hello, @Esoteric_Moniker 

This is because not all the CDN acceleration networks support SSL in the world. This may require a transition period.

Regards.

 

Gotcha. That’s what everyone seems to be using these days. I’m assuming the updates are all encrypted/signed and verified anyway. I just don’t want any personally identifiable information transmitted in the open, especially things like license codes, UIDs, hardware info, etc.


Hello,

Yes, You are right. I agree with you.

Link to comment
Share on other sites

Please sign in to comment

You will be able to leave a comment after signing in



Sign In Now


×
×
  • Create New...