From cf9aa29ace828f9f4fd9ab5d84368c9a70abcfa7 Mon Sep 17 00:00:00 2001
From: Sonny <77477467+SonnySon17@users.noreply.github.com>
Date: Tue, 26 Mar 2024 14:48:13 +0900
Subject: [PATCH] =?UTF-8?q?Legacy=20cipher=20=EC=A7=80=EC=9B=90=20?=
 =?UTF-8?q?=EC=A2=85=EB=A3=8C=EB=A5=BC=20=EC=9C=84=ED=95=9C=20TLS=20?=
 =?UTF-8?q?=EC=A7=80=EC=9B=90=20=EB=B2=94=EC=9C=84=20=EB=AC=B8=EC=84=9C=20?=
 =?UTF-8?q?=EC=B6=94=EA=B0=80=20(#294)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Co-authored-by: Hyeon Kim
Co-authored-by: XiNiHa
---
 .remarkrc.js | 3 -
 src/content/docs/ko/_nav.yaml | 1 +
 .../tls_support/TLS_support_for_java.png | Bin 0 -> 35613 bytes
 .../tls_support/tls-support-styles.css | 29 ++
 .../java6-java-security-edit.astro | 35 ++
 src/content/docs/ko/tip/tls-support.mdx | 341 ++++++++++++++++++
 6 files changed, 406 insertions(+), 3 deletions(-)
 create mode 100644 src/content/docs/ko/tip/_assets/tls_support/TLS_support_for_java.png
 create mode 100644 src/content/docs/ko/tip/_assets/tls_support/tls-support-styles.css
 create mode 100644 src/content/docs/ko/tip/_components/tls-support/java6-java-security-edit.astro
 create mode 100644 src/content/docs/ko/tip/tls-support.mdx
diff --git a/.remarkrc.js b/.remarkrc.js
index 18449a721..ec838439d 100644
--- a/.remarkrc.js
+++ b/.remarkrc.js
@@ -16,12 +16,10 @@ export default {
 },
 ],
 "remark-lint-checkbox-content-indent",
- "remark-lint-definition-case",
 "remark-lint-definition-spacing",
 ["remark-lint-emphasis-marker", "_"],
 "remark-lint-fenced-code-flag",
 ["remark-lint-fenced-code-marker", "`"],
- "remark-lint-final-definition",
 "remark-lint-final-newline",
 ["remark-lint-first-heading-level", 2],
 "remark-lint-hard-break-spaces",
@@ -49,7 +47,6 @@ export default {
 ["remark-lint-no-missing-blank-lines", { exceptTightLists: true }],
 "remark-lint-no-paragraph-content-indent",
 "remark-lint-no-shortcut-reference-image",
- "remark-lint-no-shortcut-reference-link",
 "remark-lint-no-table-indentation",
 "remark-lint-no-tabs",
 "remark-lint-no-undefined-references",
diff --git a/src/content/docs/ko/_nav.yaml b/src/content/docs/ko/_nav.yaml
index 6c874d5d0..247621072 100644
--- a/src/content/docs/ko/_nav.yaml
+++ b/src/content/docs/ko/_nav.yaml
@@ -296,6 +296,7 @@ - /ko/tip/flow - /ko/tip/agency-and-tier - /ko/tip/redirect + - /ko/tip/tls-support - /ko/faq/undefined - label: V2 연동하기
diff --git a/src/content/docs/ko/tip/_assets/tls_support/TLS_support_for_java.png b/src/content/docs/ko/tip/_assets/tls_support/TLS_support_for_java.png new file mode 100644 index 0000000000000000000000000000000000000000..d80798759541fd90765fdfb1fb74ee2dcc02d4ac GIT binary patch literal 35613 zcmeFZWmH_>vM-9e1rl5Xgy8Nj!Ce9bYam!~Y1|>WyGw9)cL?44;4WiZi*(O_U;Fy&;W)L~%Y0MPar3KH}i z&iTm^1_oBzN>Wl)PEwLm)ydx6%Ek-^=3~4m0DvpU^l`-47yuZVV5CQLa#Ifri&6*p zP4y?lu&G$i91h-FHAja#cbK z=~;YzeeHUFeeD@1BuuksXCwWC1S8vMN=|(CZVsy0&t^Ju=1NL14A3?T3~ZnN#GO4>V_QSz{`v9P@tL8GLk6mt4%E}$+Y{omx!U&8M#U0fUl zSXtfN+*sT=S?rxGSlRjc`B~XGSUEVDp(B``J?vbJ-I?v2ssD?~|L~DAb2fFda&WP- zx1;>a*Vx1!=py|7{ojfH{rN9B&D^d2naR%izi$hAgRFmhSlLz}yOp$WK5Xt`T{~^A{_eUZ z^&QV_bGClryx(wEQ3~d*F@z+>QBtCyzyR$L4R2jRa@Z{hm= zMLTjr$=<%??S9dCJZOw z_h7VjA{`g*)6>()>!zR9e9?GPzHI#a@6w!D$KJO`@3KYx0?yXDl`ipqmT+0kt_&i- z6Y~5MHkl(T!)nx-7mSLh9)dx{lyjL#r*b&4%3IF7g-p7hU!sybeM3=F_Wp8*E)Rbq zb9O)`R=-@L$6ov}NRTj((|z%BQgp|S!Q^Myja8%N+tXPU`fqckEVuK?itZK!th$O8 zlUYRsQ%1iIrVBm_#FoVscHEy$XYqGSCqG;h3J6~V(2=UyKB$!<!^`lPjR+V?$<{}emcNB@9$_XcPF}$;GtLwm1ts~#=n|RWij}nUZhX~W=Bzec@gxv znU=v{=Xd$THeaQuU9>lmnEJWK(9BV|QF*3NL546m?|Of7nXE8>`Y!r-u}opH+U3v4 z8^}Ewe3)x5ObWeT3i!_-!U=Ld_c+g+1988Xhm!b^AeHpPgS9qJ;Mts95wG<^l24@qjHBk$`6M`9_uCe5G!XeESGa)Z?Arx3yOGwpnC1Hq~s;`_1VBnKEgm z@xiwsa}&e7*+Mxl!mkrr8@Kl>&~cuQ$w zBMCsNK`Twx3PDI%9OWWYpt~-wdwP`|A*wNbVodifSRND8;h3Ta(Fr=X>x>KU$hY(o z?o;Z;ie-t>Mj(n24N5;>YRtU`-xRHE(|{a)(_%+vChT5CEK;tp&y_mjfRl+NDpTn% z_3rGnigCSJq}4H}!kJqeTg)4^;PF%yEsYvG;S3><1f^ur=O?_|<3*z)0@lx2_{?7{ z6D_WG&n=&VFB!v=!hZa{`Pgids_hi?3!TmxUvs|h<6}p5mOEiy4;@-#s2IQ@Xi%EsQ0KJ z$h5|5zft)7c&|~yl3hk+YHrwTP$s#*+-h9V=UpTlAGp$NTjBZ(;wk$q0b$=6rXc%# z|7ra5kw`UX!;4XVe1Y^#QkjNr4q485x6fm#+-$MS`HK%aU+;+N^+HT;V#%8!=c<(^ zD|SxZ1rPzm^Rge&b21_0LZ0GkS+mA)VCjH@&s|JzqRMfj_3*j901;-vLt^JivQjYL zks{}dMOrzfm&>{GdIzu|CR=biW8PW_H_=l_oLtmZ|JHV=SV^;4pFh&qZmm@=+w`*L zb65Ld(=Q?2jt?i7UmDDrg}wi%uH(Ccl|0nsQfTPcyPZRoa|Axo`T9-yKX-0f3?@-I 
zFIF3rx*T%IuOpf7u$@ChAs@fafmU_jdEFjq&6f}hInstv7&USFZ3rcYytSm>K8wOwa_$IrR@g9!?tQbO(tor>C zaW}j5V%_crtK0Ha0#3CP16Ka0#J6#I(=3xWU8+DUb8TE*#Gyi$8EocYAH8QobM%B!gs8s0v z6oL~M*O?C0aqBz7Z<(J^~FbRIvJen(eiwAof zOI@y8@Bx!VM564m*=GGm8k(&=qSh32w`i(i5ZY2Bk%_E?dcK>9x)E{|pD_C@?oZV^ z5QVO3K9wt6Qst|cyaKMcJJs^(A$wL*TJyVP;dlBeo5ZDy%b@#%CfV4lMvGB<`XTb1 zR(8GTOj=E`T#f0spzBHAcoYd?!jw+-bg415>2DeMUwf~R)f&wnL!Tlz_{4hadlt`^ z-~8{G^`&kJriK)eb&E>N+@=hZa%|hg{xE-OEbT623yi=GzVo^}uv!9|jV63r4~pkc zLl)_Vje1vZwcg%Tj>(|BRfu|@PgKicCa!JS)d-lil6y&lqO;U*jyr7&%K&^8IEWYC~0JsYD5x8D2TovarWCJyV$ z>(`3G2711filPwBoFx?8RL`=%+=YpK!7cn~eU;I&<;1a}n5;b|xgX|&{Di_e63 zY#-E_-VjX5mFd8tVM=cIe+S}oBV|qSOG}He^(ZiZ@wPLr2!0@*u~j#dJ8>sA0Don%u8|HPF;%{rKk-e78VCM4 zvVZApD}UZsAt$kdWW3m_)>OY9r?Ngx<%pQ=T3tTuOZVgoc^>2nXvqVs>`qr0e16vE zOB)(s`zC&nJL&OSR4%CO@{(C^2UU};Mt4$&^wc;HtZ*|tw@}MGIq!{G?Jn;9%02bf zi>@zHNY?Zy_I~a1tN$uD?->4jaPHR8ba*96MtE6tyuAAUcy{$SWZ>~W%Cp1u(8f`z z#i&(P{1ttFlK25~e_U~eNy4$zBVQE3W7h7oK0i{y&c4YyX0zJ9{2_MIy1GH~@$RL> zPjs7&HK*ike}ZI@3_J@w-qh%!;2qPdP+vA~gT8MG9~`jTJ0BM3MOuRb+I&eV)_SH6 zWNOHTZ6NG=s$eYmky?SBNLo`CtCj|zJjO;MjScQ{u| zp%$Q-^dq`&j(y>=FPSJLGoHs1;0LsifjHbOQcD{wq`5!x4;lWJLVbsidA!)*m23UE zimNt51Q_vJ7>*a^e0{B$%G1Q)cRoqBLqNktJ&!J3e%p4 z5C@8bDSudaTbq)QSVB9(*#Q!)dp6_W2=ioXo3;6pRtWn6!q|l}d3{018r_}eMLrDi zuR)&h9ilj{(LRrN+^%m^b)9}-3TlP8y((q%MEjcVT+}nM2d3$re^kScs+!PjlGoaK z%MkHFDMQ_OWAH~0HaSA+2Vh7!6a93f%>xI+1QKN4J+#4LTVlue_BQY3i+oQv#y4)e zWM^df76vc~^6-O{=1X2vl1|dZwfB`$sMn$5 z(XEsQSM8G?^Ees?7i~HI{;8H~cOe90ks&0se`9hhT&UAWyCej8uq}Ccew-bNr=If; z7s%)LN7z(!KqBPvCR9l4&ZFpl%&9jUFJ^%sPj4_U-D$DkRBy=<*6DCmko#Wox#|aa zbIH-9VxQA-M(TS!u&Y2v3p+50)Y%9y1%_I}LN#}$(PIkShIK6Bk+5Zg)zKup%JZQQ zz87(Q!M@^pLEW+Y)(Z&=$;*>|9}CEw99{)=z2F1ekipifZ5(FvoL56YF9 z?HKCkjG}aLjK_Ingp)6kC-nD0qq|!H@X~G<{ZQ{J;HXE>n?=7fkFb77i5Ra_>motI zK)1`2`^&wu0o<)jk^DO?vh{TK83cHZ-OZ^VQ}Am;h&&&G(l{ih9D&bxnu4`c0b~fB zG~y0;!~U?QDAT;9=&QowS}+l$v=JG-y$F45L`XB{3y}JR%%73dF{i6NZGj6jeO!gzAGd z#Uwk6xtp`1_XU`E?7k-5V2N5WgG+b07lVu=IKBQuc@As0W&Vlb)^x!+aK*SkJ;8yMx(Vz;3_m_Gy`Fq*q_Tro$M 
zmUe#yha~MsAQ&=Nt)a)hns(EK{I!F}7ULcJSO-T+9BXN?8!^VKGnP;O<1c(46v@Y= zygOmOJ+6W%0h8ef+m`aB^E80I)Qicd$g-ZQO5Y&j4+35~@Pb~!(OKlIAbbO>zj`37Rh0Q3Ug7VQs-q;n=J`GRNDM!p~5dYoEpf{4>*qsrO4a7w5Xh~oL z>ZJ+j8wSs;DE1i|#LNh|9>|h)L*xyHyk^3>{KXYgo=l8q{J8)~(wLgx(Rwt75)$BD5jy;(66 zzGkleE1e#Ro-ZGNAi{g48{akqk&hs{4d&|MziH>zQ<=4M28gpYtdSPLbfncXH6$?$ z;>figz`amBw@@i_p~u^KSo(V{KTw=~}sIcGZO{ql%kHU!l5yBM!GJ+k&l8 zPR|?5a@9JxqWyLb_6B$``b|a+KlPkig*kIFVn^SmZcWd2_N6c`yQ&yCo61!}t3pf5 zZy*FyYw?oeWCnz=^L&Z-;UgIR5a52bJ6TZQi=S^*7q{hNI%hyiQnk~KiFpZ zBZLRG_#;rUhDI|0VVmVZMjkQjc7pl-!N@t5x4`~8iPgPB9*OHkEsV9(f%Oiz==T|y zT`v4$D=^psOT!0lXdr?Em5Te((%z%qJ zvwOsRO__qkRWi8JkLI7<$dd`DJo5u><9tO|{N^_fx^4wcg!c)Fs<52)CzT%EXOY5* zdGbA@#MNQt?qWIN3RON2>We5P9SGy|JMXGzqQ7lEW1YbfRmG#x(yd2WqT4VDCjh(J z*m3XiPPp+e6T#i1Lw4#<*HXEy@fR>|IN26}e2^|c!VA!%EN_SeM1VqK$rj@Ga$BPI zX~P@#njiPar&!}cWLN(OtyN=)?Y+irKRE`%c3`vf?GTU-Uy#@mjDDX;?dAIP5qw2u z&lT8!RUXlK(}Ugbf9c*#MYun23hzi5GHh~)7sWOalH1-(M_O9_dBUFz3uBa*-4wx8 zN_9sX6Ubw}LF@q2c?dE#(i)od+&BA*vfFEO(i-kYMZ#mJO3Nn3MQwsb;lHC%qFf;= zi^%4&eSVtRg3sJ%IVzifnhyoc|5H znd-Z_Y#r%1X&TOuQO5~recSm>RFM_}>2GV;zokmQCJDDA)rnOh`}jpWf1fncZTEB& zQV(h3-PifbmMw;hg!=mQaBcP4-6d~U$hy;oMjt^goT0vx-(7N&^p=p;op(5Z$a|7O z_j;|OCLfEK>dy6z!G*@0DYo?-V)EAY{yA^zrEUa~=8QVajSoD@ z9yJqUsd@C5Z;6qn*Il6{K)R2|louD~5K4@tx}9MR&<#Mh(LMb4pF~;(Wj($p`1hXJ z0Mtm~Kq)u`dc{~n;dyqU_e~Q&iJE7BC8Sf?h;pZD@z)Cb`=nPOuo71(r?WeM!0z@R zRL91dOPt(og1Yrb$&5UH)xk*qBk$hdY%WcHgHsr8TqL@Ah1#fft7c3iUz$81AS-mi z3R9WQoy-h^yEvMYgv`1m_1X1~`QA@q>cbWZ-nmy-1aA!-{UxQAUO7VL>cB4dTa}t!=Nv z{h-H`JD*A7D8TQ{ZCm^edZLORV4;`n+-+yxIY}lWMUFk!-c+g)#Z^BA%mPVDntwbB zTDq{AvBlSOvVdSZ8WiWcHYB}_w~!C?+6#d;kEp^xOg zUY-=j_;~xw)!h2UiS_XyC+4Q$^zkU-6&hx|+`ej)NoaPCz6B{8x!pw$l22Cy0TOKQ zR=Q#KuE66JnmM%{{(28RLJuiB7jFsU!u+G;3QPtgCNoqQ!4tV9QTtTFfqmRZ0n_gf zAQL1lT&ayOZG9j7CaQ4!>8(sRp=wKZL{G&J%8! 
z6VVyz5oKwE+iFeLmgxm-z|&s~NC<2Q;dBBr(eg4AI~@2so*=%g&Cv)>x05xc{wjn> zdoz{hvQO5jhR6g4m%8O{*j%g|tQ%72xIymD2C&}nKX4kf@X222V_`aK8VnTIdVjw{ z!ie*hY{xuA3Pc@vBh9%cT`Y#Biku^=>7d}ND`7QTRP@b8-TxjAV}g96mZ~$nuxc9f!KzA&qxeL?0#v?qwC0S4-Yo7gyw^}$NUht z3i=7)&9fy3z2n*rukm|@WuS+KqBRHJzUAgssG-#AMaNL-g<1@ZvG2MX*cNwAS`D)W z#>PLj7-gL{fSNx;H^%g1p%WeHA3bQFQQY)`Pjj4D`;VW{Q-%L4QC1sluONx zc(r^@JW!%viHaU&-kVoE%Ra=$-p9jMII2tWH&EEK#eU20*D#ZTgI(!dGAZpuVF==_ zZzs9)YgneF@BbohMjbb-_TQA@MWZIq;j|2B6Vt~j_u*DrCqzNnVON~-kXrIJ?>&NiwZzo@{49I$pr!XINl=z&=W&sqjGi5p7S-^kgJM#~z zg-3sx|~{= zLLO_725HX$o6DHofula%BnK~_cEqlAsU6nIx zE9TD1(qt)Z14C8L-4ZCXRbKnCFhE$PND4+EJS+^zhbR(z!ei4*#-TpeZ8TdlK9xm_ zbAsDmVLd#3%PQ3PXSzDZDjtDQDJ(^tl{zdA3xm(OJFAX>&fbH=PuPkhQHP?$-&C^~ zpCS!d3&Smu-L1grkqj7C#xew?fsTy*dOCQ8Fwjku_q~&I&Rt@@JewNy!2UpqFw(+A zg@N{vF~?uE94A^iN`|3-NJ3~LO9%k;#L?YZX%v6)7JW0+oax~>{I!})ehW6j4c@SU zzDnrpY1846PM{;FNJ#@bew~x2 zv4RQ+1utmkkAo)9PZpOO0^BSuUOXc=KqAoaBfAkH?+Q6SP$h#;&Q_M4!1Nkh32ClR zqgc^#p>d)q;$*aDwSQ2638l99qV)^`NY*$slsP$YV!EayRbA&x4o@0?P^VWX^J}vQ zK&^1Big9;^loBF-K_??Dy#&V@gs;<~hB~8||HM?`;*2fcllC zz%5v_oF(`QPLrFI2c!)AX$#zAY6q7FJ5=1*>Z)1!_Rjz~S*{>6W0l~Ef#by*ox!9L z9ZQf$7FmZtO07S&fP1I=IQd(`EI$#QE>Qtmg4M0-| z+q_5zKp7=i;P+Y#TH%%1>z{4MTLb=jBb}2$ZjO;w0!R6LrH_DPuZUbWsJs|o-tT-a z=J^5TspU=Wus^@VPjYzh$C^TPxNTTiJr8I1R>n5u8X1@vOi^c5Z5+)^RS&d(xR z0c`C3*sOq2pI|b$*N!Vu2Ced>Z)~iBW|n#lwZ{RCG*AS*?-NXOo#%B@fNgiyv<$^3 z_A4-8Rf0;KvXh#UVdUZ^c<<#OOuTmo2j^YkurTi7f57L#ZV17!=;tarXDa_7=R#Pp z#=Syk@v@=+Q2%9#q2un?@8tInR=(wkf&veAjFl4jE6smj-zI}n_dnvLJmUQi6psKK zD=9|E7VAYbL-h|tk8%#B#^1=TUCaFkXm=-tg6|${)bUvV)Whr^~2 zDfD}J=KZBS7)g@)UMfuN{%o^EMdT&zhfFNFCDB*+YcQrkr+YlPu&0z<;)f#5GIh0| zVfhVi?oYd@gIm7eKR>gqU-+@jLbt`?VS`1$hR2+WNWSItk7+$$I&x8;@|^kMCzdve z7Q4;j@l=*eFM=TTBIQp|*x#v0Cv5*=^YukWA(gp^!)#0)8oHJ2^tE_rw_N`{CYMiH z*y|?AZH-9PPCrxFi|11`adHNa?Kh31!AJrwv!l1khCig_7&L41lyYj7(|CLYeEN4v zwZ>D#?I1=u=g@bx{9?6H0m3DoDinCq%D!XpzS^bF?r|_QkWXPEqE$-x`F^!vICeDm zI1-O8<`X1TppP?>l%L}-EUw()u)Amkb$y=anyd**9C4MSJhf)6s`1gLpZ{#94k#3ZNCMH_ 
z>FK0l>Z8I!ioOIk)Gn%${Sz7)RfEK&;zhL;yey*PYNWdA)G?ptWTBTFhZ%nT5{&>d> zJeiC4_V%9tvB%~7QU7MOJDbho`Fct;U$w(aOJHDOc?tN=`rZ@oX6@P!5}v|h@T~>T z2FtL^vx@CCnZQORkGE#?*H&MU)kDOdog4D`#FG86`jBG!oc>y?BOZfxx6t0!C71V4 zlt{>AwxG-&qh?-Zu2~T@Oj#icT9*}c21muWSTz)D);XE&2$dp3^FuUu-kQ#DP!KX& z+&~4wr)sR@}=4>@|ZZek6lhbFc<7dz7 z%WBr{#nR?xZuw%RIIrDWo~!LDF8+{2+5!U#R=U9I=RDo!`16VErP&@ATD8$B-o$1FqL6;?RfR z{SS_@1e1Cp3b)nVk|m98yUS1=BQhYY-Q`psF^&HS0@NN$=1g5d0LXM3KO=cgfOrdG z?+$JbXXomiE!uz1XvYZ`@AU=rU=%$I(?x^Ip!HFlQcCqg*}16w)O5~G*10py4y)M@8SJJ=#zDC1 zbHx*>TyAHi!~!maT2<=v+mH4&T_Qe@GrtET%UrWpG!u9S(mBk{qlbhATyF>sI$ioc zUJX5B^PhN3BCHhu1elbJO_1YG|_^cDt|z0@m_5I;`vcIsOHh&bD5$Xt9( z`KHA1xiU?D00|ny&VS45t52)zIv3LA68p9H*K{x{uIjSWUXs-Bbo6pmFJ6KSD<}|O zpqwqBR;);5B}R#x^6Mm&Zq6W{7GVCR){-h)*e&JTe6^YK=izD&z;G-DUFkQ<59gab zJ!;r#`SP7Od<9>G_=R@AJN^vY?gU`Cq$D@nu1X_gkrxKQBdb5Uo(jL&^z%SQb!Y~G<>?BLN0;hNg;oWAky2)gz_tFxKoX2rqLQ>m;CWWtTV6ZTZ>!+v z4)gYtx=?^GWmE6a$JSj8JsDHpk2=ULxjCx7uP@J?;TR%duvY*YMP|Hs5YlY9Rz>L> zYkcS`*e})?$>{1x+&u4|C-H}~Xt!(9`;_|fa_odnjNqg+YVpXmT!BXwfX8!9BP8l{ zMGC1Oo~+;+cuQhfleZhoL>21}Y9@n>(taxDz7*g>{(v&fO2NkqRZxn>0>_;pwP(-U zk7!fWi0E&3ukEc~I&&?XV`Eo9^VQm^(3CC7AR-mFQBxu|3tqVSUpZY~2S|}H#ubSo zlAh3%fZ_~GR>M}YUlS?j$~rnSUkH# zXK?G5kZu0R>Pn=NM4A<5d7bU_2sny3O-|+7N9nD`Ncvz)yiathfBHuY8BQb2&2*`D z+tsO4B}3E?YN;NU%spLCZPHz-UG0vR$?q}TK$pR8quuP9MfYn8UhJo>zJk!Vbgnjm z&-sE$Y{n8RO{U1S#+d{38YL@cz3)Fo$aYuCgOUXapxG8&sz@h4!#9(;sx*dU-cn2Z zKksCBxLK_(RB1we;K7mfN0egh=7c@QB<<0(``)mm?Y2|a6qxg^wqx)_W|FWT)Jsp@iSqtQHT^}U270{z|$pwt5R!TYE`ep&5$IsTi=6nM4N75Nf zCe5ErFar=?wg-@zh^EB%NCDs8Iyk^+L1BW3D{!(riuZP)pUD7zQJVW-Z?=nqGM{+bka-_0W0g+8V{Cqk$qP zbe>-(cui5kBG8@1+B#LE!;$ns>02l$%I;~p<3Z3C2W)Q;`ZD;~V*KohKlIgfHh@$> z_j$wb!k>q;A(hvj96#hMPxX4MZ#FTTX?hGTI8G$c!$~Ucpl`C3S)s!}`a@}~p6?~% zs=JR839p?x@teZF7;KXJ%^0LKGTI$}lfwj~Ecqpu?1dh~VgGC)j|heazBjn_(1$j| z**iSYoYkxqwP>NNjnHC;3dPY{8{X~V`tWbxVJLXw>WE3qrFsZ8HTDU@2_Cp$BRi+c zW-B*eQWk0rY++Lk*XL8V>@;DCE;MkL%=!0?qUpeE4294>@eo0BE34{kyf-6w*J}j{TR3m@xMgK7G 
z#j4BjhQx}_aHe#-nY}Yd+HmjhK0qd?cGvdtHfKaeY=pfITd4X%KODlO+wk$-!hu@B zfkuk2jt1ZwfXIV9O#;oQz}HCnsJ28(S=a8y#{s+HPs zvgaRIm|g-B9QQ7u5>5n3#}LbPy`D)PFIE+tf*k1fl=$%N)7ZSnt;MOE5$CyHOCD?l zxuuM=L<~GLINhpEq+d)D5ryd74j9e*-A>m=r-aA`znVYomT7Rgp6Jlpif3Mfr*`g! zr!|^0zwgYHP8U3MjTVB%)0AAcn=IzXw36O`Lc0~pyUOHqe9x?N!D$9clLI1Vgq7w> z6+waZvd4g%dVF+3$~Q=oa9|V+(zMuKj7c@Bv<~^ocT2U#)XyW|)Y#|%vL|XmklXo= zmBit7!ZX3N-aK^>A-m<3+a~>vkL(GkF?fG}TK_f1EsCMqSYx)<(NsQ-4R#`(bNEcq zvU;cg0UZt73k&y?hkn4M5r)Hiod!=#;PG^}`~@T_cfw>2>02g+&m_s8m?y;vTs~)# zn3&B5uNWtH9nXj)ddrSYo~E6j154u_VSm#dvuP*m@IHb%M)x`!*dxd5##fuXc<1d^ zjXe0an(2itj6jtgbo8CWv`UPVvYrCmWOLwZtGTU;OY+^Fma@?Lttj592jb4i^#A8@A zUiYW8Mw|Q$j2p)}U7l}-e&K&Es;cS4R zC$(f!P@^2w9c^}vYtGLm5}n-o{#{hpaR9-3>s^`6*AWK)S-{nL_j88a$y@F1D7N zKHcvX_HeUXmMGwr*YgayGc8m14D1sm{Xt2FG+?U~*Lt@djaV3wT%ozm-$_=}(^1*b z=7LqGDQPax?z`n-RlGN@U1||{Cw9@wG;%D;!xNSRGYrGG%~zn;Vz2h(Mh;ncXv_vz zWx`sEoe8y-dEKAwj_1^{>(+17ic7AHMtQBdJI)V{w0i^gq0g&6puY1T2$(^$v=plj z9fsTdjG%+CYe#D3oB3o?AGepSWnc-yni6->J{hT@yFsin@2klVLC2@yj5XgKg5Lz- z-qe??NDjrP9Y4QPapOtWVR4zfx91$a0LdBm=NjvyLDnI4g|M9o5KvXm{pwG+6IvMA z?2LoPA_1o~6VUy213sIk$1ntjhOEJSa?8y;AYn}Gn_9EJ2c+B-IdfE~(f)LyDziM? zo@6L?1tvX47&Nocz7eq)b!c|sZITBLP|T^`WDjj@ zU`ApNw%;4=QEutm*+!FIkx$sGzAl|hPf}s_={>*|Ch!jaZa5BNun$CN{5q;WXo>kX zQ@u)Ls7qqjq?uVW-QW-Q#zO7j41ydkSTIcx0bJGMKK-7yjy+T9>r_tkw|WjP^ zK?ozmi=p7x8%{Fygs6FZX9>#<+7F&fMHvJed5x(bfc~SwEa+uO65D{f0GS1?l!O2$ z=Z_TD5U!(=1-S@aXE$;w+6(*;iv!0LCq?rD8_vFsi4#rZZv4-~0abYI6l@Hkrorh> zjym5FLBAxN69jMlELDXV7`=`x%f)-9l zHm!yGB+9Vy2luDWcOU$=6Uoel|(6j1mtkiCu%PqyIX z2oZ35K}==?NH7VDRFa|fG7lz@%i+VhuyOG~gb#~af!_!XQ(K40nF8RL_jl5SLbYo? 
zPn0701i7f=EuhHu0gylU*a>$qNK~>fBybzN*!$uG!ghw5y+s{-*c2#(6b$KLug$XU zuJM_ZV7(`Zn@Y8(4Ch*mjL=DIGfOo(u&Op|4LwYH*(i8mSCZeR8;faINn;9l@3OsP z&=2#xd>`8mSHNkZg6B$d=PInrVWB2SNQi{?oe3^Ywsye3oKNLU$mW_i8sLXZ+8>M- z8u@sCsv>rOju^IpN9TJkOptX~coHfDBlyR-Qa)pXhpBecVbGbq&@=keU7}mF43$<% zHJxcl)VDV>Fvp=bNtjON?v>++Kys-Eiz&E3GfAZu+ee;AQQ6)+wLhx6V*=Zi_HT4n z;ARr;pgs}39;1bsepkq!khJlXmwHWhHv_&o)CKYehhAL+fw^#QaQLz_Ar@8pR4M$O zsX23Oo1rbT#iV`r*%lQ^D?7CV|ZQ|I@mrE2l#unOVvv^v;3C(0}FuI{C8|7T1`z3DCYX||U)UOP4 zP(~lS80jiek!()jPMQs^lp?QJR^Ai+LJ@U)hb~9)aq?!II8374#24=5XjB`I6ZZbI z#-tcG%UbP#(v7E_{FrBC>{3)FpOr044mSw3#{g0Q$4OU6_WAeg{efa}J6gjhcbCil zPmy;bzoQWkh)DGGX07k|oRcYU{drl>==n(ug0LDGW&~zlHqUJ`T)M=wk<~=@1a09o zm1^%VX`F!B4oy>XL>iTxwM0mXrXOtS%$1#8F-F&*VWi|L(#8)N$~jL4-xa3!V|?@9 zN8ed-q07YsuW^`I7HCp!7o+oZtjVnN$HysyT{ex zO`%+Z6G}J9vdg+Jh9SWoL`2*^eR%9Rj;`GG=^p2x*o110nPT#_pwS#>%AR z@lb^Gz55&rVhl`96*Wn`vJD$*O^)u#XQPy!)YKF*>K_diJTzKfuIE}mzJ^__qr&ES z1^1>e^0$ke;9row5k+O#gRPwE@wz8}NBb&srZPs{yWmUHH^vX>*Ydb8NMwY^@SPR6tJ@`OvwF=oW(HipoLjfCi3Eb38fXxP zTB>pJm8D>Z-IRbIk=$2}7rR1*8;wUWItU3_sCnK*)lYyj?2xxzUY_@j82WhFSq+7> zx6$LUhZZQ=KE>em%lz=%(o5=;vxPwmb|W4``p9IN)bL@DBu zq?yU>bz~~*Qpy99u=((hv-OU{-^zZMrVQmKOBxe#HgxM$P{(ULXm@+CuO-kB>$Hte%!k-Ti*-~P%E3RW==Fec+PZ&VZJ zL2}5*RD+A~e0HiOA%&HJ(3! 
zy=^PBSr*Y)u3Cgy8t=>R3vIHFrh%^L zDbDXJfw}vlKcF%qbJzlbt1s`o0*fpullx}%;=^V7X@R~iko;LM$hNcBpUOS6sk&KV zp9R(gkRwJVFle%om|hb0hMMo$2H^&Lz3k8DI7)MVZ#&S)5A zi&Oco)aTLlNw`{(l!ETVs;83HbO=y{(7^R@CY?IgZ9&fN*#vgT*0`_VD>;C!X-^?_8FT31b5H`m<{ST{kqs||a7043pL-8xhph6rc4sJA<`=r} z*f!5*#G5km zouG!En@G&~PwcyF!1RyG&hnXK{E&)Jgl2_lAYB1&GPrCdxXZOmILyWmZFY}@P|9Ay z@&`sOs#yhlZuZ#_sNceWuKJ<{iGRhUVAuC){-hn{MJU*uCxUrx_Ij&Q>;TumB+c7*e1c&w$$cKus4!3P@C_0b5ZA6 zL-t)gqK}x`20x|lGpdpFuVDU0>09E;kh7ww-|<-cyi3}#TMqBQD(-zqc~vIi~Xq_fn)?zk--pn^xQ51AjMiba@}DR{;7tkIOn3{{TUgza(?qA z0$Lfc-y2paJZI!c1oHPIc7{!{w74ps8ZPSjT!~+BO%DUubZLP)8#qt zXR`_Yq61IJ@cxF_#ohS87ucWQXN^C(_#PW=LHscnO&#JiWmEd{R;X{VH?I)~kbw+^ zrTI#1%>JI-ur=?*x3Ra@Nz%{hTJHv{*Gh)j0o5*FuKopTZbhR|2J!{!uxy3x(JCal z9OG9Kv9+Knn2YxY!w8|pl8H+9kn{hr$#+BzsBUot=(x=t6*KIyp`b`%ND$G#|1TsG zT9>?qi|vfEbR)(ae_oB_D5D%kOlpsw10HKD_{-u;%kW0CJ#D7;x_mV(?P!LIO#*OYjFlr|;6vFNN zKLcUK|F>07*hzS{@Bcz{o4(2a*Z=$%!2dF&J8jkDOw?Vh&Sa=?Bz`^Da9~!)iJ;Zb z1FOyRmcgLIHyZb+iWsz3v{>bj$7%sIoowa-eSf~_>u7@742>L9y|Cv~+EZIMpW|wj4_H!d(BWNLE#F}rCibtt90)b`V&QHA^uZm?w$#KEpr1jjk)p4$ zJyfAVjCRM<_5qgNk>p4)1R~H$PR_c^s_JjI(Mfbr1+~&ML?Up%b9@EK-X1L!j3(0Y zGhZKUQy*DKEA;`5cU7ISY}(eEXe1*ivm1b`#zRJFIgZHTc7%= z$e5ji|Jz&JwZ?F0HEurspDcdo8B1k_T#>E;Cnu_19Gy;g_S=(r#$RZ9Eq0# zS6eioZnI^7FzQ^bIDE<8LY1BhJTjJQRL>+Ky*drUm%@)wKaWp;H=ZD~&-WQJTWug{ zHD9ik1TC>N_&#_JMNmfFCP@WcPY9u<1c9o4lcfAsTX_MR&}#0;&Pin@MOp(Zbxi2JYixgB&+jJoh0<7Ymm=F~;nn_2QU&YCr7 zeK9VrqOA4jntWe)$n2p;iDoiD-i*@{d;KCF{DRMnaRvoji#59?{;&4lDkzTi-}?=O zAi>>&Tks*cOM<(*2MzA-4#C~s-CY9&cXxMp&D*T?-+QgvXIGs%cjw~ef{Ur@>7j?2 zex9#xt%5m3MT|L9h)Jhy-1atrc!eK4Z>pLVqhSBu?Aabjk*OR$VL1#lEDncLi3F9$k6$doOP5Z^t4QMLwWSzffi_fL&+;F@A}@B< zV`RKFnar)C)4N-q>YMb1LM#%lNUyaY!kEzp<<9ysoE$pU(1qHX)pvR6e^sph1~VAT zz{ogsw?99jZ+9{IA?G)N=QIBdu-dx6*pfffYIBzQEl%Kh$)MR}<6m#}$D+nho>50A zO9vl~RxMVqw>oud>>u-4ULk$zIEwRX@RYmdAe3GWWw!|k9Ty#Tw!-6oi3M`N;y@0i zcFr%?|2+g(G}!xc7*x{C>Yc#}qYQVUF%20>znz->xdM7cBhkbp5Fx*03NtgsABu2l zrBY+-3|I`>+?u^nIiUVdGikj^_1@w6-um$^^-`7y_TM&h92NH7ErRLAx7SF_aAcBz 
zDWGk4V!$x@m(}c)z-6`0XS!CN7Nu2ZivCtrasTsj$K-lTL!yZw00kz}bWuPl8~rN; ztf!{_4*$T-`=wl?DVpbTpClQG#qiq{!-Q#yYh8arCRK~9RVY=6s{TIuYj~PNSXJ>6 z=$^$vd^PHRlCRVuGF>XCEz@WUX?8rzr)Ph;$*p<|i^u_S!p}gRX1Yn9;!$@Ht;OBZ zs8v<@{Psj$t-~WNTF0IDfzu#6^D353QH-EiTcoh-9RfC2B9(HvnZ{5G1^rB!{2UwN zfbV3UIO;2t_d<$%f5M>E;xs|N%C+)dR|V&lSQq#QljX*LEMvmyzb)e)xECGUI-5_U zNare$!`Pz<^WpkqtK4>5kMLyak{LwYGo`ZflC_xh8ie~3;x&tue;LPoX7K1>ko0En zPygc@a~5LKbcv4ELol1pet+`4$JiOB(DryBL#NkTPR$M98%-%8N0xy6%QyjLGMQ+` zd`eV528`ow0mzA$O5L831ha4e$55dFJ;M8Ec~kAbOyi-+JiDt|+7!nD;+j+^8gN8> z?p!vSxPUj)IC6%+1?ZiVn%S}$98U9Lg9;-`i_8|j9OAXQ@73Srfw&P5RYK4xi60*C z<;s_v_5rX60yfC8FXiTEhmOg1$(*H%K;j}1W6ltl3oAt~e0OT*(RfEC@=~P-x8-?_ z>}V>xUG<|sJV9=}^VM#aMA8@BISY*rDR>;_Y&#nNG15xsc<}r4Dy`;a=vSDO90#(M79?mq@m-l;>)QkJ3L%aJyp=9T&`bBFYn9&3_D53a zP6co?0;DW%Co2VrBN@D7`Itc4G%FaDLM{x8VVW5v=j+T`=S#8pH4tI4a-#=^*k~S` zEgLW!7uX>96v6T<7CdDhcc2T_^Al)PQqw>JNhwBWwO=z3ggkb56*`%faI+S+B_YTu~X#8A{P!s zO7Uanyav|Xg}(;OizNbu{OsAtAmmm02q#Az77Gc$TFqoPJK7U5FI%!V((+zW4vx-4 zBT3GXq$Pw|tsjZt*^?xiCC@q!?R;V#7C&VW97L;Ku}oQv>iX<(md-uciQ|C77TDNo zl_gN?)+^?N7ey}8;&8Gmd4oI6+8TpVUG-;RP5M&G*!OX1^zbv*xKtXCB&O|w05kG4mei}E)kPyUv9-b&MHj~g@D5yG`fwk06s#qMEiq@u3urNUbwDUO zH*MId_a|mTI=B07A+{(Y6tolGd&s$qFln{f{4r3&Zw{C4 z_bqav1uo}HtYIvaDWl(+VFvcxLP8W!NCv(aC9*k?;p?a48^W``E{t=~;fzGMnA*A(I>w)Ik&mN^{8 z_mDzn3zs{6_Qs5(8N3CbZ0+6gE`|MU%n9F&fCIXj?Mjlyc!snjxH{S%QNlojL z9dL|Y&cS_}ogb%7%vvzji=aU4Pzid!!m_$QaBa+M-|inwd0n$vbCbkJw(*E1|A3DD ztmT7IWeeTCP-{99&0@YN0o=~>J5rsdnw4tI=?Dr*y1 zK)6zwr8rX)6juG{K(wJvnAS^>ZKt1DIa`Y^Tc0(RkhMty-l@Nd`W zYboBZKTZ8qy~)g`vK8rVg_a$63_a)bI@2lz4tVv5>J^D3SiAbHi@5`?2bf`aB~{ah z=TSWhg;qpBz?AFICXi4zrN7?re7J^X+pYkA0GAD1mdyi;OFD~gG=>xLt;dd}!pH_O z1NVvUv}UM7^XA+cas>ukW)r(g({D%w-+#{Iekn`f&2l4YaS4O z{7{!HLyL){Pf5xN$N5?N7SgOAKlfawFR?+mlHhAPt$G6$RB4u3&k-H7;ZJCvj_v?V zQ+;DG)0tAd!VA|>z_ONKG+te{u-Zk(y5ExC@9_5OXVi(5(&--G9%>OUB-|TG>2HZ- zQAjiQEmkfmr^oF8n%~(4rMzq1eQEPEov> z$G!7!MmTg=zV1(3-{ zLTj=SAW3qQstIuwjDG6+gg?Jl%`q}XncFWXvPSR2>^rJ$_Zn6iOw}uNtjzY!udbG+ 
zl84Aa{n_avw*EV!xbQ~hMDD;-qiy(L|E?nx8i|WUi|Ti+D%em`HKO$iIILFWEMk#3 zj=Dn@y*{rE(KxESUURR3YI2C}p(JVwTFv@crAm<&Eg(o_(c`JnUdrRI?;tI#4%E`C z$_F1s0iX!uN4^$1$Q6zgLx(5crCXH$s?&sw_?|04D& z7WmDHY;}$A?JVpB$#&ug0W{-M0RjvBj(*Ez67Q?At~w6N4O9VwFjnShhO<(7i=Zs8tfct1{2+m@d*+TUPwcald(BSBLTW+qT zS0UUAq$4lmYTA@A0v|iR?*Y+kmC3bh-+QZ6yKyqdsa!*7c?=$ zB9o%zk{&wpX|#kyKFXlRTyT%VqS5dLA`s*=tcA%Q`ur{YOPN$7f8`N|sA7Kf_71R| zf@ul_gnst({3bgJ7K@ceU6PT@q>&6{DsdC`5GOkaE3aJBvC}q)Dqhlfs~E?G^(col zURI{G_qN?rMJP~8cl`g=YE3`(`aB{=_MYv`UbNE@9R0zwODG=0|GaBg4|4i!#q z2N-3_{)m@bV{*DzT!zEOIUe&D-N-*Ca|eWyA2L~>g8LfC`760oMkTIXl#*BuH=YW1lgP~9mA39{S|Yd3N;=shfCe_tA|?kge1c?1v_)FKyX0>o~gP) zQC;(J*j(S-FZtJy!st8nNCe$j5eOWFa@{f(cuJ#FOKPw>&Ltq;Lq5^`Xmd#z)tvst z?n@!_tjlmV5b%ObA|%6q8z%PY)3E*wnZtLKry(#tI#TIGwl0hE+mj{PU7DoNhGB_j zN6d=7j#JpWgiCqiM&ZLNsuWE(p&zi;%G_Q~W2j_$Xte87U2YD_7Q0yw&b17FM@Gfd zYv$(`S}+qP^`LnJp?&K{l%+f9NlTDUklyRiq;@Rn@^Y2W^NXAtIMi@M%k||9>VQjZOhX=uRs=qwGp}m&|3ymL&6?6+d zF+gNdPw`NluqKPcbN_t&z*v`K6DvH)`w2YJ_=2Ys1H|K*{t>yqi_jl3i`J=&Tr5^a zAjA){lb}*6>}tu;LY6dq3nK0^@FP4JB`<_S(CMw_OGw)F13!SP{OLt=?#t?<}Pay;eLI52s%FCasRj%ou ziV8G%Jy2XR3=Pix@6HQwI8yOjo2B?%Z0Dbr2_f`6F@Tq(C6E4(2>cg7lCKbWP^GY& zIu7=~Ix~Nt9;8#BC=&AT6J><}<&&(B6$*6!sJK2}v_Q#aL64a7-zV~;dTYM?-xvD- zrz?uIz;e)2(CTs%lFsdEVMhw^)X+Gk%(j+e5Z+|V37(f&o`-Ez=|iQ&+ntS`!0WM& zKY+2`+GtHF;0OK2`g`2oig;_@ddKqz04%|AAUAse1RG6^%59|)o3-6dKn~r{0bWFawKNbC$qstnHEt-r$ z3Oe7N5%-inM0%|LkD@w3OVjvtd&)e@d)@UWI<1Ah1Ux_2qhcV)$fdtit1}ZdU#f*c z-(CN@R#S6(h54BexEglxf|{J}k4)}pWFHNFCq^C4lnDcDQX941i5}tUHY3Eog^1UO zJpvL-pc-Jz_XkX&MarCHWVLI9M7Yp)k4~Xp0vm_hCAN*m?r9Y7^5!Bdu0(li1ef(U z&{EOs50@NCX34AQcwOAswruz!3ikyZ;6UU9q0A3z?e<4XOlJF_#ddd2X3Gg5a*0Gf zU_)l5W&t#Xn5@>{_1+(aMG*^T0|n>kii(ISBe?ul?T**lA9GTGUyq(AktCHSX^JO0!0#Hk2q>{fEl)72ELojvom5|V>n`bp2^P<{8k4_Yq84$$fr0a zK**U4)}7V)i@`{;VqQx~f*_fLlu-C5Q9x0vv?U`np|6nKFW~ML(%mkUt+k#aZ|=H+ zWkF=O-OZgyjpuQ92_;Sp{T~ACG|&w4W-!M<9|)c!T#rJj%x}GqtB~=QN@wGzO)R<~ z?Jh5tjUm52+<|>72`Nja&*)QCV=rQs~mGj|agp 
zM(H$LXIJg1fX`EAJ@$EjtDeqQp|0A2`6I8<42sl8OT;WS`~xhKE6GIr_p86TRY?VWyQ2WlC)vy%7W%E_a6`R{~m(_c0L% zgK^Zg{uy27@iwNA!=KTHeSy5WT&YStPNFU5=)|F7$s6ewEpCt5)vu`lrosRU5ic8K zL>+1M0w6gt^c;#aJ6Wi=8pFI%6wz1Oj94ouXklzMtMqyma1tB3z6Qv(-dh(LMWo** zM>5e1cai`F9|>xu;%{Rr%o~&_mGHPMa!U^8CcoE--r7w<$_(t7yWTiaie^Bb7&Q4O z6zWEm*!p%^mE-0~G-auOb1wt}FxT}J+JxZA6hHB}HA-@iq7=^*N+CMynl07C!()LW z-!zRH3DU&z31-E5gKgBm5R5{DH;^0_nmEILmtYOGW>zz-6~yZPp5;-;f~ zLf4QhyD>A`ZRmdYcam>3g*3l9mSZ9%TXxY@{zM{!zVYmEl0uV>f$)MtGqn?YS!b6Z z$TiZ&a47z#o8g#)Q-lt*dY#3{#-#BwRu3*isXX#X-Y0IGWeRmafe$;otmARH*3FLwqhIdh=SR?(H0 z;@#5yJAH)_DG^Fybv^eH$i6F%m*a8nL&cxF-Kw&*2$Bef{674ltyXV_9cL7i=kFY9%n}uxAWZnUkk|mxlZpIBR ziww}^ECLrFB-9N46_DBXbe#p9aDj^o^aGVbDi@1EukZ(OTPy&8d{YSN#)xjEgAzagy1aOKdRZHLaNydq=g;dgRR5422t`#WC2=1vuyPAC|e^7 zs<0|JR4~jV;dUEzCl6dbbDN6h2a|%5SWZU^v2NH*M&JqA`NcLw(Ui7!fmTGw!@DUR zNx@La!f~J%0g7yBw{S;zsu!a{23TIOFKqe&y2?M&5cl9!s6HMJj9pE0;!?&T`Tfzm z|)6SbmHvUs5e12%E|K|LH2G}#J-H0bFACT&G~Af4w1SKi(kPXM#YxR-~bdqlxZOwyZ zG#dl0R%0R=HG%x7M$^1Z3vL{MBI9s4{N1ls zqtZRt!NsaWXil8(rPgwd=SD)4o{XIv*&9GyFn-nYkEhknH~Ue!(QMVl+}DYEMp4P* zKhx;F^5fZ2Yh>0vgn&L>tl54_305~vIpgkVDI!no0LG!VcL5TPB~iv!4HW<@pF=)D zEI}#nj##ABpEzm#N4%ZvxYUEtppO-UFh>GV8v%8Ob2*MD%hjff) z7bp-qx@q(t-S<=nvz(HWKwDwKp^@{UT8xog+zgk+ScEg_A_SM7j@uQd(XrD0#pV?6 zP0|fO0t1+c)qD*C{vn5-Ad@ruTE)E!?=uI~jhPvZ20vF{xb}?yE$I&C8KD!KaoKT; z)Cf;xTh9j3oaXi@liEF&vuqMZZKnsvjFM5peIx4|f5C@Mceom};leTyUfb0)16w1`%+LZJrY^E~R+V$A^k3$pG zP;(7^=R2$L5x-CS@*Z2QyKe?{rq1Xyu(iIjRGGp>*Lb-=PB6u%-kh#1{oM%&a)v-8 zEKDhoPU~Zc)T5qxN4^_LK0oHR+RDy2A!|}UX4X^5mb(=7*p2Uv(knimEeIROC|#mN z3z*g;3M~%ik3+$%=JR)7w$Cn@`pe&>pUT?~Q#4H5;JOAowmlXdcFA!{6@Xstj}~ zww&LG96?wXe8ajfuK4IqHto;PMDIjlH-knD)k)^BJ8c=bg%%FbjwugsPRHBfhSeSLTMGr7*RSWI9r9?Iez@PzZGjHISM zd2}F+%YJqvk;ykxMVEc;emMVuXz1ZX#BDKIAX%|1?K<4w^#Y|ZHR~-j@?w311(w3^ zjeYIAKncjfAfn3n_z$y608|Xx;m3I5@kVB`)uQp_w)-)=@Q!}R6ET0-KEsKjXun)@ zPJj4fojNco!b^@dUz$2BUi18wBp83hs|y#I%15C{zNFvVAEnAsF0VRF2%dZ>84%x$ z%2TO^e|^L-n%kOZGECUurPEf*=w@gs$SIpD7*kO;unw2j=ew+S%rO7%f%WJ!T;)Ua 
zaVU5Qnyu!7W0;?V|6qQDxDleIlg>=P-trGmGJ|__H7ATkn%t@_(q9^J;2^dX=SJ|S z75Y;K(tgPvA^4d-EEao1pGWIg=__m<9&Zvt^LPM0k57Bxt%Pl`WNz%11=g2(c<>C38cA_^n_Wk{knz~9igBuEo z@pk9asQs^sarwyJXnKLHTk7O@k^r~a>Eazs(*lTw+vZQ)Z3;z`c3X?~i<=FK&ZZ76%-Omhvs8VsLOn7>DMcupPELo8A|o%)75Kn}h+sSmi}_`bXwu*! zeC9)Z*;X>aEBfmK5KZgNPW&oW@I!v-8%;F zM`tz+?8!QwIy4ExO@$2fEJ>na2uGzxaILib=2=Z&(d5PlnZCABsMccgP6;TVig4EG z%Te%eLiFd~yUDJ$Is;(}I|x?HNR%!_jKm7Spei!{8UU9iUrJZnxw^R_eFWrsWa<1^ z&I^hvz3~|~Q5l^r&$|O~AeL%?_W7ikl70AhM?s}-QAej7dL^cyOqZ1o-q_i47$DFs z<%5=)IRz8C>l*QmBSFrDQVWvGVUYcx;7BofgJs=KPu>f`~qg7Y;2O!l=Ye;#! z89uhA;~ho=?53q}h#XVuI_Belr<~;okz3MsIVx)B`Z}MQ{KVa6wcD2gMzz4Z53DZV z7-D-|2}R&bmN_w&9rWF#e1uK(Yb17)!J|;Xtomy1wkV1^oezJ=s?&h_GSk>^n;Pb~ zatd-#)_q|@GkZ#1`)~tEKjP&*;CsgECi*TcHV#-CXCb`TNgLlD_$cp7;n_n()Em#TVuH+^>6AkNF0I2bq!4en&Tqa@xx8@r%G^g|8Z|5Xm1 zeoAEOK=xpR&Xa9)Z*>B|1*R>ivO&n)f%CYqd?@LBU%sC+Lg{_m*m2%Q?j#L;eW%{Z zWQG+1v$|3sMx5dM%Ly5&ldS{IAxf{N1uNApbbo7LBKQNTV#@-b>*;dSL{h1;2{&*v zA3OS`3-4bt#=YSs&JfSib4IN3r;%j%Xl}ldV6>X3s&?^@+E&*A3y%eShu5petF%E3 zMBJO~9lw|PyPVS)F|`r^Zur`4o0o-ZbTmS9*}~0-E}_ZU0%CO#C3L3}49}6_xg(19 z^;bNr%vO(=X6TtZhP;tHd>_8=$U*1}&?s8}k-xdYfxwNtg{79=F6?LiM`-E4)o)=w zQXL1bZK;1!zz|>=B!noSjIT7<{}#G+02mX96W``vge4!Zv9}cQ9+EiZzcuOkw+F)m zm;VJ$B3!q9V=S@%iuV4u&g}p^ShGds`0u0dKLH_RH-xJ1|DL+!^#+$ZcKV(6@1uF% zUeW)3ng9JJ{qI-P`!k~spr)~62W(vVh(V4)f_uK)B#eFZ@z|zxZ@ok7TLKqS=2+dO z*nj{d^zyi4+Lho=2MNOh?_Ot3AYW=B#=%Yqy2*OW`y#EjW{a3^QjpQXu zpEsZ_!BA5u*Yt(ic)qhW;s6tXZ)TxWD^CLU>SvGE`?rXK>0~2AZ?JxbhsW~)#bV!y z%f+VPU;;h;Op$!TWPvy)LVDR!{Um_-Ed<~+hbxx-;SP@m!)z9SnPH+vqt8;F&lke6Q`78GasZ^+%-Wy4fRZ>JMP< zl*qJ$+Z(T~Vv33<178P7@X+%OnOfwD0G{FzQ1}XkejcLHTX3n>yHT1iRL5yK=fMLk zE>aCDPKVQ6P2N`#d2&yFKx$}c>u@|vZw^%W@fe0Z9Y8UMOu}Q0-FJHqV`+Mo8_p}q z*<^O&6#aO=6(LEP;(;meIady!1+0W+_D0ik6a;JQN^ZmDvhj)gLvEr2ktVJ|*Cm)T9H8<8cG zK@-DUCYs;oR4x^rGiIGG6d%Ym`3cEM&cDH_03fnL0EkmdZ~`2LkUZTZ=GlrrO5>x_rU-t@n7zZS-OU%IdLg@0?E=r zHv~oHeyOzmwmZmbs@kT9<(b|GSj@zMWdUHGOmF2Atv-Qk6LMNF_P|F5j}Rsk0bUVm{kr}z6;+Hz2ALv`H+fQU+@;o1hP 
zxmrr<2@FUGj($Wx@s{iqJXJP6N>Jr6Ge=ypL?IXZo%s9>fKlWeFH~QVXJhn++=zIc zm=j$4b<~9?IB~rWI%Rtx|18SzeDEJfq^|O#Cbr2VFPCo#kIu{hbYDS$&WDgE6&Ipa zV+M^vAtk}xa+f)$LX2Q<4NQAc8D#bmi~r33@_3WO9p;-4e4gcWbP(K+E-+bCN|Y!Fa8PS>qB>G_uhVO%l{BOZ< zmzNsOWLB4(ias*dDM2b0WO??`Y45(a1dnF4@ToeD7RuH@GS&y*{Al)g;b0t5Z_?JI{vFAaCR-u| zPg1BNtAATsp^=a7u;CL$nbR?msimpEmcByQlL-fqOPE72DD_G;>S?+`W$JZIrn80k z8&AsGCOMN;vj>ZDLqY%xEUZYr9kg|_@}fsvs^dWeqF`S-2c;=6oRK}IxCO*qGMn+LMW?oEte+TS)nWQo}in_r_VmIcadJbQ^+FFDF_S!V# zblJBHLK64p+P=alk`cSMqEHKpm!neLOToweuO8TwCCypVnc7+O2Tti8-cRd@tI8YF zcz+}}{9nU3-cg4Yq;b|K9b~Nyr!r{jA|89e9{zbeN*e*K-ttS|s~-i~0LStelhg*+ zSYTbfU&BT^ZDLHl!heCXpRdzz2~lrwpv}<_bl8||a(Sr!$m%$1w$!r9?OJG^JyoWb z7oF^Sy4r5=Zi@GGt;TD8R0f*`8l{}dj(4?gsj^#>kC^h_%c<8Z_cId7<*oyt$%=3P#I?2k4S_C@e-vON+x4rVFradzq1XNGMegxH`Op2jg|dLf2|vK zAx|Nls5@S6>^hC@j_R(vyr(~Mce?v^d#gwyeHTVk>EY+|B26N|=8z^F}xRkDQR38MY)O=p(A+`sD>_!EUgg4Eeknj)B@uUybl-uZwcv_Y~JhRYf zDL!q}e3l{DZZJQ>U`%7z9+MlJE!WCRKd9DcXtq7dcL{*OHTbn1;#SqD!vK*J@IfpA z6%Hd2Oybok0DyIQ2QRz~jTy4FetjNIZB?=$pt_{aozIhpTp3 zgGvCPQ_T4IR3zBD)T}ZT_QPn!u3e{nEd4<6dx*gYwWqTsi#CMv$uvZCl<8fA`(IuXJ7*9=MGZcZ@a)#5Drn1So6CXFb zCeUjcz)QHh4!wXgED)^8H&pwL_%f%cVYVz3fn(sh_q|glyj1l|2}{5I=%v)GmTeZcK6 z!+g;kAxM^9=!hmH_r^7K%Oq#cCz#1OTuSMyELMX{Ch2{Sp|h)A2@zMp_O|rj&;+Km zsTg7CoCtZls4O6@z!8Zwjz0}$HX#TliWO48k~mwphi4O2!e~M3SP>A~DMP!)lK5@6 zfAa$!s(e+(4!yWbDMDkKN;WGmAOx{N}xD6S?KzcpE)!Uc;- zlj-<)r#z$?( z^T_o8hWhm$P70f{7ebm^wYIt5qD%{P)Trs)rLTPaG2dKsP!6Hh zyUW6F-P^=583_ubeSLiH*Lx9n8IO87c$hG9bklAc#=#65v{a1&fN|>GrBL@83?`WaV;!^g2U=Gua5uu^2F}Dc*^N`{GAck z_*X$$*62##A*;+6rMuppnEAxD%*nt(1^@wCnb7Zh87$Yz+a7&22ZRaW^OP6sa^PEoOkFW(u4fh+2|S-}{UDo48Odm%?H`yaa?}WZCQ6l5Ter zHp0ttG`9M}^8h{avmw$c#$uhhu=!HE=@$w^0ere>3Q0p)Z^1G??`OMsbCpuR;5D(l zd5e=!O8I@7rQ!8T@ItPHIWen)s8ot60GE{#F?9(Jlh0CZcgrBJk$kd9{1uqYnu8b! 
zm$gf)_Bkb8=qHZs9X_|jQ{Bw)r}n4Q7Q3Tc^UFQK?TxLe7&g4Ua2?KjRDzs2i8SV8 zAVGwVsvUi@n+g%Y%tD`;`FplEDZagb(~ykUlefMI_6)oWhdleoeAl(EBbAkNR5W5e zsc5nS?Io77l32!Qx)CHV@6BU(FYK%ienngF+CekeR=q_U$Ms7z*>vcNpO?UFVC9RJ zx$UycaO(T84ePgYZEwjDGognAtf?Q$6@lX5^=b`?528oi=>E)=wp(*q?ob9L?7q^E zKy!QxQzN3Y@6#Fbs>1z~(YD=Y;lUmnD8h-WZ`w2`c;IZPKsQM~gQEj$T%q+Q%DhrbECo%(MgpvEzBlbIAau~ux2n9`ORldO8&Ti&><(69$zjnD>O`l-rX@+Y zIen|A8?DVg!apfEy11Yqpbj1(k3TixHMQzRiQ-HM8eEqo_?7*fdrzV*67;7h1?v-n z=m4C+XUp(a{Xd?olgI2eCeQa5OwOC6DQH+1T~>eqLaZTY%n4d~jldqY0$b*K$H;6w zNy_2*+NzApN^0+mn4Y=KU2>j_ned(byG=QKjNZubQVhTG`ki zoEK?NGz|=ZRj!y}q)C>+UZ)2sXL9s@I7lXt9=EcCUXzN<^#%oh{jm9cuw1i-Q4;B3 z%gJ3|$z25|8kzcJxk~$@E#!hG{zx2sI6V@u1}rrWzbZ#> z>}D@BFzEc>?D3TgUo(8E6iTq{=l5SnlCGlcaBqfFSS$LsyS8)8WJ-L3Z3JEKe^KPN zD#h_AL`j7h^MpwxX^fy+Q4o_tw|<7^LWeY?Tng`m{}z=kSZExTP4mz^68a?dXgW(n zrBs`kOj;Ebj`M=uBKA3dnT%8_HZel|EW5&JObOMbS1e8;<+D+^8FiKE%pdbKJN+HK zK9Lr#cT+PbKP?UwZ9_w0L@;%zKh!B*qEVV)GO|`;_AojvI||DDQPf8~#{P0o4P4UT zL?`)+Ux6_2oV{lYWbc8|c8mu3Z;2>Hp244vN{hexS12UYOOKJzNIKuWgJKc=#;>q* zeyV@#7?4IWoup(s+loDs#+h(g(}FlZ@-|CWtuh(RdGk!MK12Q49i(U|F&IxyB=5YH@XBe!m5WbP%X*WHTj|bi1p;> zLE$!E=tVTOj`ZO5w0c-fPaD>%B{!%)CS1}hXHqBh%p01awoR0!RLi?WHz#6$+t8ye z8OgeZ+2nBt;0Zf>2*b9$ArV*~oo+ICE!(T<2Y(Nb3|AOVj%sp#)_sPE8k|YtQE9fr zuDEcFW5-y|H{*N*s~KL}e$m$w7ZvVQa6Fiddn5a2s2w-k;p|_nxZdhOHYZ=cL!3iT z{!*oYdMi;$@Zz@2W;%vq(U|-WwI0}I11YyJ_6DweC1p9`C7wircs$Sgb=WZL^duV1 zXhMMNQ;;_lPpQoQ+3_0$ClgzAd8a#M*i5a-RNPX00=0sSKIW~tI56{OKJK*_*So7! 
z%k%skQQfAzPi{--XVaRL42p-y)`cKqBW;m#LpkM3E!m|X>&!wq#xOBy3MjO2NFSrz zZM__#UPs5O6ha8)>bFWfhW2I^Fq~dq$(2ICe-0`xW<7*ndAq6f6N=Ab3S|$!s|sK9boK|0fFR`36XeitpYSGz?g;K_vI%j6s3d- z?YCTMl>|5m_0CFxmY)h~Yc=7XjlG-g;5!IA7}xQpg#06t`2p^O$?;xB zN-9oX@~mWzIIXOJ2YM!);+flEu~t;xkcOPH=!A7x z#1}-aRH0h-*hUQrw*^rPAf|5$Eb#vvEj7@$jkv>Y8B;QHv^DYy%)szk=`;g+n-oaN zQF#9;p_@()m*pGO6_^i10cS~bR6VDUXwNo1c@i%3b(N?FZ!V0Ff(2>Bd$Up97`FcGYPe-lAqkk-0nH&?pvVaeV7o(a#j z!rM9}DM|wxoZ*vqf|cF1$qX`!Sfr`W=DB_gg7Pr9f)w=oK5z%#MSPOxAt#_8uZ30d z**?TDcXpV=)7IP@6+KOlc#IBk1XeIg?h1@lD!;SxAH$@BgyKM>bTv6L zh3qS$6{!z=+)lyP0pAv!WxBC3UOFGSh1l>vcq3a2>SWf{F3q@d*)qph4)`RzZVyDK z6d;g<5X|f)(lcP@elKe0+1RI(9LD>s4jwPo<0sIN7w&5f*I)j)UFuQp$vqMXy;m-= zI*iIe|9}pmM+Gh&2NqgH=ps)~{T@Tsi30e==1d3uj0@d~)dE`raj^q^ol#=rVGZa+IoR9h-+qpks#(R!26yIVOnn7L9D#@9|;s2aM+ zXSe%}$i0AvFR*l&f4Pd!L(oAG$CS*SQ6zz?l8NIdQBH;9R+C7h!X!B^u40OjW?DKB z>p@Ift&OqN%BOqy9}4~NE{eu!%xcfdOkbKRY8ChZZ#119uqs`5lfQlZ*T@?NJTO`Q zzH5y5$A7HOPR6&fGh-StBHsU+qLcqNMMuI?x9DFZZ@6rM=Fsghb1>S!CfVq50DYd` f|Ho5y{&|PTS+ha!>|6Z~_z@M9`c^KW +# before +security.provider.1=sun.security.provider.Sun +security.provider.2=sun.security.rsa.SunRsaSign +security.provider.3=com.sun.net.ssl.internal.ssl.Provider +security.provider.4=com.sun.crypto.provider.SunJCE +security.provider.5=sun.security.jgss.SunProvider +security.provider.6=com.sun.security.sasl.Provider +security.provider.7=org.jcp.xml.dsig.internal.dom.XMLDSigRI +security.provider.8=sun.security.smartcardio.SunPCSC + +# after +# Add provider with higher priority +security.provider.1=org.bouncycastle.jce.provider.BouncyCastleProvider +security.provider.2=org.bouncycastle.jsse.provider.BouncyCastleJsseProvider +# Lower priority of existing providers +security.provider.3=sun.security.provider.Sun +security.provider.4=sun.security.rsa.SunRsaSign +security.provider.5=com.sun.net.ssl.internal.ssl.Provider +security.provider.6=com.sun.crypto.provider.SunJCE +security.provider.7=sun.security.jgss.SunProvider 
+security.provider.8=com.sun.security.sasl.Provider +security.provider.9=org.jcp.xml.dsig.internal.dom.XMLDSigRI +security.provider.10=sun.security.smartcardio.SunPCSC +# Change default SocketFactory implementation +ssl.SocketFactory.provider=org.bouncycastle.jsse.provider.SSLSocketFactoryImpl + diff --git a/src/content/docs/ko/tip/tls-support.mdx b/src/content/docs/ko/tip/tls-support.mdx new file mode 100644 index 000000000..26e2ba777 --- /dev/null +++ b/src/content/docs/ko/tip/tls-support.mdx @@ -0,0 +1,341 @@ +--- +title: TLS 지원 범위 +description: 포트원 v1 API의 TLS 지원 범위 및 설정 가이드를 확인할 수 있습니다. +--- + +import "./_assets/tls_support/tls-support-styles.css"; + +import Figure from "~/components/Figure.astro"; +import Details from "~/components/gitbook/Details.astro"; + +import javaTLSSupportTable from "./_assets/tls_support/TLS_support_for_java.png"; +import Java6JavaSecurityEdit from "./_components/tls-support/java6-java-security-edit.astro"; + +2024년 9월 1일부터 포트원을 이용하는 고객님들의 개인정보 및 결제정보를 더욱 안전하게 보호하기 위해 +v1 API 서버(api.iamport.kr)의 TLS 버전 및 Cipher Suite 지원 범위가 변경됩니다. + +## 변경사항 요약 + +- HTTP 평문 통신에 대한 지원이 중단됩니다. +- TLS 1.0, 1.1 버전에 대한 지원이 중단됩니다. +- 보안성이 떨어지는 일부 Legacy Cipher Suite 들에 대한 지원이 중단됩니다. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
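Review bot: The `# after` listing in java6-java-security-edit.astro puts BouncyCastle at `security.provider.1` and `.2` and sets `ssl.SocketFactory.provider`, but the visible snippet carries no caveat that `java.security` is read by the whole JVM, so the new provider order applies to every JCA/JSSE consumer on that JRE and not only to calls to api.iamport.kr. I would add a comment above the new entries such as `# NOTE: JVM-wide setting; affects all applications on this JRE, and the BouncyCastle provider jars must be loadable by the JVM`. Because the eight stock providers are renumbered by hand, a line like `# provider numbers must stay consecutive, starting at 1` would also help readers who have a different stock list. The file header and the component's opening lines are not visible in this view, so the surrounding guide may already cover this.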
ProtocolCipher Suite2024-09-01 전2024-09-01 이후
HTTPN/AOX
TLSv1.0(omitted)
TLSv1.1(omitted)
TLSv1.2AES256-SHAOX
AES128-SHA
AES128-GCM-SHA256
AES128-SHA256
AES256-GCM-SHA384
AES256-SHA256
ECDHE-ECDSA-AES128-SHA
ECDHE-RSA-AES128-SHA
ECDHE-RSA-AES256-SHA
ECDHE-ECDSA-AES256-SHA
ECDHE-ECDSA-AES128-SHA256OO
ECDHE-RSA-AES128-SHA256
ECDHE-ECDSA-AES256-SHA384
ECDHE-RSA-AES256-SHA384
ECDHE-ECDSA-AES128-GCM-SHA256
ECDHE-RSA-AES128-GCM-SHA256
ECDHE-ECDSA-AES256-GCM-SHA384
ECDHE-RSA-AES256-GCM-SHA384
TLSv1.3TLS-AES-128-GCM-SHA256OO
TLS-AES-256-GCM-SHA384
TLS-CHACHA20-POLY1305-SHA256
+ +
+ +
+

+ HTTP 평문 통신 지원을 중단하는 이유
+

+
+ TLS를 이용하지 않는 평문 HTTP 통신은 데이터를 암호화하지 않고 평문 상태로 전송하기 때문에 다양한
+ 종류의 공격에 몹시 취약합니다. 먼저 별도의 암호화가 없기 때문에 모든 종류의 [도청]과 [스니핑
+ 공격]에 의해 API 키나 민감한 고객정보가 공격자에게 쉽게 노출될 수 있습니다. 뿐만 아니라 [DNS
+ spoofing]이나 [ARP spoofing]과 같은 [Active MITM 공격][MITM]을 통해 공격자가 결제 API 요청이나
+ 응답을 변조하는 것까지도 가능하기 때문에, 정보 유출뿐 아니라 결제금액을 위조하거나 결제상품,
+ 결제사용자를 바꿔치기하는 유형의 공격도 가능합니다.
+
+ 따라서 암호화되지 않은 평문 HTTP 통신을 실제 운영환경에서 사용하여선 절대 안 됩니다. 포트원 v1
+ API를 평문 HTTP 통신으로 호출하고 계시는 고객님께선 즉시 API endpoint를 http://api.iamport.kr 에서
+ https://api.iamport.kr 로 바꿔주셔서, TLS를 활성화시켜주셔야만 합니다.
+
+ [도청]: https://en.wikipedia.org/wiki/Network_eavesdropping
+ [스니핑 공격]: https://en.wikipedia.org/wiki/Sniffing_attack
+ [DNS spoofing]: https://en.wikipedia.org/wiki/DNS_spoofing
+ [ARP spoofing]: https://en.wikipedia.org/wiki/ARP_spoofing
+ [MITM]: https://en.wikipedia.org/wiki/Man-in-the-middle_attack
+
+ +
+

+ TLS 1.0, 1.1 지원을 중단하는 이유 +

+
+ TLS 1.0과 1.1은 각각 1999년, 2006년에 공개된 보안 표준으로, [POODLE]이나 [BEAST]와 같은 널리
+ 알려진 여러 공격들에 취약합니다. 국제 인터넷 표준화 기구인 IETF는 2021-03-23 [RFC 8996]를 통해
+ TLS 1.0과 1.1을 deprecate 시켰으며, AWS, Google[^tls-1.0-chrome], Apple, Microsoft 등 많은 국제 기업들이 자사 제품
+ 및 API 이용 시 TLS 1.2 미만 버전에 대해 제한을 두고 있습니다.[^tls-1.0-browsers] TLS 1.0 및 1.1에 존재하는 문제
+ 및 취약점들은 아래와 같습니다.
+
+ [POODLE]: https://en.wikipedia.org/wiki/POODLE
+ [BEAST]: https://en.wikipedia.org/wiki/Transport_Layer_Security#BEAST_attack
+ [RFC 8996]: https://www.rfc-editor.org/rfc/rfc8996.html
+ [^tls-1.0-chrome]: ["TLS 1.0 and TLS 1.1 - Chrome Platform Status"](https://chromestatus.com/feature/5759116003770368). chromestatus.com. Retrieved 2024-03-25.
+ [^tls-1.0-browsers]: Bright, Peter (2018-10-17). ["Apple, Google, Microsoft, and Mozilla come together to end TLS 1.0"](https://arstechnica.com/gadgets/2018/10/browser-vendors-unite-to-end-support-for-20-year-old-tls-1-0/). Retrieved 2024-03-25.
+
+ 1. [BEAST] (Browser Exploit Against SSL/TLS) 공격
+
+ [BEAST] 공격은 [중간자 공격][MITM]을 동반하는 공격으로, TLS 1.1 미만 버전에 적용 가능합니다.
+
+ 1.1 버전 미만의 TLS는 [스트림 암호] 대신 [블록 암호]를 사용할경우, [Mode of operation]으로
+ 무조건 [CBC]를 사용해야만 했습니다. [CBC] 모드는 예측 가능한 [IV]를 사용할 경우
+ Chosen-plaintext attack에 취약해진다는 문제를 갖고있는데, TLS 1.0은 이후 버전들과는 다르게
+ 항상 이전 블록의 암호화 결과를 사용하도록 만들어져있어, IV의 예측이 가능했고, HTTP는 특성상
+ 헤더 부분의 정보 엔트로피가 낮아 공격자가 높은 확률로 암호문을 복호화하는데에 성공할 수
+ 있었습니다.
+
+ [0/n split, 1/n-1 split]과 같은 취약점 우회수단이 몇가지 존재하나 이는 클라이언트측에서만
+ 적용할 수 있는 우회수단이고, TLS 1.0을 사용하면서 서버측에서 BEAST 취약점을 우회하려면 [블록
+ 암호] 자체를 사용하지 않아야 합니다. 문제는 TLS 1.0에서 블록 암호를 비활성화할 경우 사용할 수
+ 있는 남은 유일한 암호화 수단은 더더욱 취약한것으로 알려진 [RC4] 뿐이기 때문에, 결론적으로 TLS
+ 1.0은 사용하지 않아야 합니다.
+
+ TLS 1.2는 AES [GCM]과 같은 [AEAD] 지원, [ChaCha20]과 같은 안전한 [스트림 암호] 지원을 통해 이
+ 문제를 해결하였습니다.
+
+ [스트림 암호]: https://en.wikipedia.org/wiki/Stream_cipher
+ [블록 암호]: https://en.wikipedia.org/wiki/Block_cipher
+ [Mode of operation]: https://en.wikipedia.org/wiki/Block_cipher_mode_of_operation
+ [CBC]: https://en.wikipedia.org/wiki/Block_cipher_mode_of_operation#Cipher_block_chaining_(CBC)
+ [IV]: https://en.wikipedia.org/wiki/Initialization_vector
+ [0/n split, 1/n-1 split]: https://www.cryptologie.net/article/378/1n-1-split-to-circumvent-beast/
+ [RC4]: https://en.wikipedia.org/wiki/RC4
+ [GCM]: https://en.wikipedia.org/wiki/Galois/Counter_Mode
+ [AEAD]: https://en.wikipedia.org/wiki/Authenticated_encryption
+ [ChaCha20]: https://en.wikipedia.org/wiki/Salsa20#ChaCha_variant
+
+ 2. 약한 해시 함수 사용
+
+ TLS 1.2 이후 버전과는 달리, TLS 1.0과 1.1은 [cryptographic hash function]이 필요한 곳에 무조건
+ [MD5]나 [SHA-1]과 같이 오래되고 약한 해시함수를 쓰도록 정해져있습니다. [MD5], [SHA-1] 모두
+ 지금은 상당히 낮은 비용의 [chosen-prefix collision attack]이 발견되어서[^sha-1-collision],
+ [HMAC] 이외의 용도로는 사용하지 말아야합니다. 따라서 TLS 1.2 미만 버전은 사용하지
+ 않아야합니다.
+
+ [cryptographic hash function]: https://en.wikipedia.org/wiki/Cryptographic_hash_function
+ [MD5]: https://en.wikipedia.org/wiki/MD5
+ [SHA-1]: https://en.wikipedia.org/wiki/SHA-1
+ [chosen-prefix collision attack]: https://en.wikipedia.org/wiki/Collision_attack#Chosen-prefix_collision_attack
+ [HMAC]: https://en.wikipedia.org/wiki/HMAC
+
+ [^sha-1-collision]: Gaëtan Leurent; Thomas Peyrin (2020-01-05). ["SHA-1 is a Shambles - First Chosen-Prefix Collision on SHA-1 and Application to the PGP Web of Trust"](https://eprint.iacr.org/2020/014.pdf) (PDF).
+
+ +
+

+ 일부 Legacy Cipher Suite 들에 대한 지원을 중단하는 이유 +

+
+ Cipher Suite란 TLS 통신시 사용되는 암호 알고리즘의 집합을 의미합니다. TLS 1.2는 다양한 Cipher
+ Suite들을 지원하지만 이들 모두가 안전한 것은 아닙니다. 포트원은 아래 기준을 모두 충족하는 안전한
+ Cipher Suite들만을 지원하도록 정책을 변경하였습니다.
+
+ - [완전 순방향 비밀성(Perfect Forward Secrecy)][PFS]을 보장할 것
+
+ TLS 통신 중 잠재적으로 발생할 수 있는 위험 요소 중 하나는, 키교환 알고리즘에 의해 생성된
+ 세션키가 유출되었을 때 해당 세션키의 수명이 일시적이지 않다면 과거 세션에서 주고받았던
+ 데이터들까지 모두 해독될 수 있다는 것입니다. [완전 순방향 비밀성][PFS]을 보장한다는 것은 매
+ 세션마다 새로운 키를 생성함으로써 키가 유출되더라도 과거의 통신이 해독되는 것을 막는 것입니다.
+ 완전 순방향 비밀성이 보장될 경우, TLS 프로토콜에 새로운 취약점이 발견되어 통신이 복호화당하는
+ 사태가 발생하더라도, 공격자에게 노출하는 기밀의 범위를 크게 줄일 수 있습니다.
+
+ - [MD5], [SHA-1] 등 약한 해시 함수를 쓰지 않을 것
+
+ - [RC4], 3DES 등 약한 암호화 알고리즘을 사용하지 않을 것, 국제표준 암호화 알고리즘만을 사용할 것
+
+ [PFS]: https://en.wikipedia.org/wiki/Forward_secrecy
+
+ +  + +--- + +## TLS 버전 및 Cipher Suite 업그레이드 가이드 + +포트원은 TLS 1.3 으로의 업그레이드를 권장합니다. + +### Java 6 + +Java 6은 기본적으로 TLS 1.2를 지원하지 않습니다. + +
+
+JDK 6u121 버전부터는 TLS 1.2를 지원하지만 default TLS 버전은 여전히 1.0일뿐더러 Java 6의 JCE(Java
+Cryptography Extension) Provider가 타원곡선 암호화 알고리즘을 지원하지 않기때문에 [완전 순방향
+비밀성][PFS]이 보장되지 않아 여전히 Legacy Cipher Suite를 써야합니다.
+
+따라서, Java 6에서 TLS 통신을 안전하게 하려면 아래 두 방법 중 하나를 택해야 합니다.
+
+
+

+ JDK 8u261 이상으로 버전 업그레이드 +

+
+ 가장 바람직한 방법은 공식 지원이 이미 종료된 Java 6의 사용을 멈추고, Java 8 이상의 버전으로
+ 업그레이드하는 것입니다. Java 8 부터 기본 TLS 버전이 1.2이고, JDK 8u261 이상부터는 TLS 1.3 통신을
+ 지원하기때문에 TLS 통신을 안전하게 할 수 있습니다.
+
+ Java 7의 경우, Java 6과 마찬가지로 보안 업데이트가 중단된 상태이고 기본으로 TLS 1.0을 사용하기
+ 때문에 Java 7로의 업그레이드는 권장하지 않습니다.
+
+ +
+

+ 서드파티 라이브러리를 통한 TLS 버전 업데이트 +

+
+ 자바 업그레이드가 곤란할 경우, 서드파티 라이브러리를 사용해 TLS 버전을 업그레이드할 수 있습니다.
+
+ TLS 1.2 및 [완전 순방향 비밀성][PFS]를 지원하는 서드파티 JCE(Java Cryptography Extension) 및
+ JSSE(Java Secure Socket Extension) 구현체를 설치할 경우, 자바 업그레이드 없이 TLS 통신을 안전하게
+ 할 수 있습니다.
+
+ 본 가이드에서는 [Bouncy Castle]이라는 오픈소스 라이브러리를 이용한 예시를 설명합니다.
+
+ 1. [Bouncy Castle] 홈페이지에서 아래의 세 파일을 다운받습니다.
+
+ - bcprov-jdk15to18-_VERSION_.jar
+ - bctls-jdk15to18-_VERSION_.jar
+ - bcutil-jdk15to18-_VERSION_.jar
+
+ 2. 세 jar 파일을 `${JAVA_HOME}/jre/lib/ext` 디렉토리에 복사합니다.
+
+ 3. `${JAVA_HOME}/jre/lib/security` 디렉토리의 "java.security" 파일을 아래와 같이 수정합니다.
+
+
+
+ 4. 오라클이 배포하는 "[jce_policy-6.zip]" 파일을 다운로드 받습니다.
+
+ 5. 압축을 푼 후 "US_export_policy.jar", "local_policy.jar" 두 파일을 \
+ `${JAVA_HOME}/jre/lib/security` 디렉토리 내에 덮어씌웁니다.
+
+ [Bouncy Castle]: https://www.bouncycastle.org/latest_releases.html
+ [jce_policy-6.zip]: https://www.oracle.com/java/technologies/jce-6-download.html
+
+
+### Java 7
+
+Java 7의 경우 TLS 1.2를 지원하기는 하나 default TLS 버전은 여전히 1.0입니다.
+
+
+
+뿐만 아니라 JDK 버전에 따라 포트원에서 허용하는 Cipher Suite 조건인 "Forward secrecy 지원"과 "SHA-1 미사용"을 만족하는
+Cipher Suite를 지원하지 않기도 합니다.
+본 가이드에서는 Java 7에서 포트원 보안 규격에 맞는 TLS 버전 및 Cipher suite 설정에 대한 방법 3가지를 제공합니다.
+
+
+

+ JDK 8u261 이상으로 버전 업그레이드 +

+
+ 가장 바람직한 방법은 공식 지원이 이미 종료된 Java 7의 사용을 멈추고, Java 8 이상의 버전으로
+ 업그레이드하는 것입니다. Java 8 부터 기본 TLS 버전이 1.2이고, JDK 8u261 이상부터는 TLS 1.3 통신을
+ 지원하기때문에 TLS 통신을 안전하게 할 수 있습니다.
+
+ +
+

+ JDK 7u321 이상으로 버전 업그레이드, 1.2 사용 설정 +

+
+ JDK 7u321 버전부터 기본 Cipher Suite가 [완전 순방향 비밀성][PFS]을 지원하고 [SHA-1] 등 약한 해시를
+ 사용하지 않는것으로 변경되었습니다. 따라서 JDK 7u321 이상으로 업그레이드 할 경우, 기본 TLS 버전
+ 수정을 제외한 별도의 설정이 필요하지 않습니다. JDK 7u321 미만의 버전을 사용할 경우, 최소한 JDK
+ 7u191 이상의 버전을 사용해야 안전한 Cipher Suite들을 사용할 수 있습니다.
+
+ JDK 버전업이 완료되었다면, 아래 두 방법 중 하나를 골라 기본 TLS 버전을 1.0에서 1.2로 올려야 합니다.
+
+ 1. System property
+
+ Java 애플리케이션 구동 시 아래와 같은 system property 설정을 추가하면, 기본 TLS 버전이 1.2로
+ 변경됩니다.
+
+ ```bash
+ java -Djdk.tls.client.protocols="TLSv1.2" ...
+ ```
+
+ 코드에 강제로 TLS 1.2 이외의 버전을 사용하도록 하는 코드가 있을 경우, 에러가 발생할 수
+ 있습니다.
+
+ 2. Socket client의 TLS 버전 지정
+
+ 아래와 같이 자바 코드수준에서도 TLS socket client가 사용할 TLS 버전을 직접 지정해줄 수
+ 있습니다.
+
+ ```java
+ // SSLSocket, SSLEngine, SSLServerSocket API를 사용하는 경우
+ sslSocket.setEnabledProtocols(new String[] {"TLSv1.2"});
+
+ // SSLContext 생성자를 사용하는 경우
+ SSLContext ctx = SSLContext.getInstance("TLSv1.2");
+
+ // SSLParameters API를 사용하는 경우
+ sslParameters.setProtocols(new String[] {"TLSv1.2"});
+ ```
+
+ +
+

+ 서드파티 라이브러리를 통한 TLS 버전 업데이트 +

+
+ Java 6 가이드와 마찬가지 방법으로 서드파티 라이브러리를 통해 TLS 버전을 업데이트할 수 있습니다.
+
+ +

+ +---