Configuring Tomcat running on JDK 1.7 to communicate over TLS 1.2
This is part 2, following on from my earlier post.
In that post, the problem was that JDK 1.7 defaults to TLS 1.0, which meant Tomcat could not talk to the Spring Framework site and so could not download the xsd files.
At the time I worked around it by changing https to http in the xml files,
but I have since found a setting that changes the Tomcat runtime environment instead, with no file edits, so that Tomcat uses only TLS 1.2 rather than TLS 1.0 for its HTTPS connections.
Making Tomcat on JDK 1.7 use TLS 1.2 instead of TLS 1.0 for HTTPS connections
Go into the folder where Tomcat is installed.
Inside it, in the bin folder,
you will find a file called catalina.sh.
If you use a setenv.sh file you can put the setting there instead,
but in my experience most people don't use one.
Open catalina.sh.
```sh
#!/bin/sh
# Licensed to the Apache Software Foundation (ASF) under one or more
# contributor license agreements.  See the NOTICE file distributed with
# this work for additional information regarding copyright ownership.
# The ASF licenses this file to You under the Apache License, Version 2.0
# (the "License"); you may not use this file except in compliance with
# the License.  You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

# -----------------------------------------------------------------------------
# Control Script for the CATALINA Server
#
# For supported commands call "catalina.sh help" or see the usage section at
# the end of this file.
#
# Environment Variable Prerequisites
#
#   Do not set the variables in this script. Instead put them into a script
#   setenv.sh in CATALINA_BASE/bin to keep your customizations separate.
#
#   CATALINA_HOME   May point at your Catalina "build" directory.
#
#   CATALINA_BASE   (Optional) Base directory for resolving dynamic portions
#                   of a Catalina installation.  If not present, resolves to
#                   the same directory that CATALINA_HOME points to.
#
#   CATALINA_OUT    (Optional) Full path to a file where stdout and stderr
#                   will be redirected.
#                   Default is $CATALINA_BASE/logs/catalina.out
#
#   CATALINA_OUT_CMD (Optional) Command which will be executed and receive
#                   as its stdin the stdout and stderr from the Tomcat java
#                   process. If CATALINA_OUT_CMD is set, the value of
#                   CATALINA_OUT will be used as a named pipe.
#                   No default.
#                   Example (all one line)
#                   CATALINA_OUT_CMD="/usr/bin/rotatelogs -f $CATALINA_BASE/logs/catalina.out.%Y-%m-%d.log 86400"
#
#   CATALINA_OPTS   (Optional) Java runtime options used when the "start",
#                   "run" or "debug" command is executed.
#                   Include here and not in JAVA_OPTS all options, that should
#                   only be used by Tomcat itself, not by the stop process,
#                   the version command etc.
#                   Examples are heap size, GC logging, JMX ports etc.
#
#   CATALINA_TMPDIR (Optional) Directory path location of temporary directory
#                   the JVM should use (java.io.tmpdir).  Defaults to
#                   $CATALINA_BASE/temp.
#
#   JAVA_HOME       Must point at your Java Development Kit installation.
#                   Required to run the with the "debug" argument.
#
#   JRE_HOME        Must point at your Java Runtime installation.
#                   Defaults to JAVA_HOME if empty. If JRE_HOME and JAVA_HOME
#                   are both set, JRE_HOME is used.
#
#   JAVA_OPTS       (Optional) Java runtime options used when any command
#                   is executed.
#                   Include here and not in CATALINA_OPTS all options, that
#                   should be used by Tomcat and also by the stop process,
#                   the version command etc.
#                   Most options should go into CATALINA_OPTS.
#
#   JAVA_ENDORSED_DIRS (Optional) Lists of of colon separated directories
#                   containing some jars in order to allow replacement of APIs
#                   created outside of the JCP (i.e. DOM and SAX from W3C).
#                   It can also be used to update the XML parser implementation.
#                   This is only supported for Java <= 8.
#                   Defaults to $CATALINA_HOME/endorsed.
#
#   JPDA_TRANSPORT  (Optional) JPDA transport used when the "jpda start"
#                   command is executed. The default is "dt_socket".
#
#   JPDA_ADDRESS    (Optional) Java runtime options used when the "jpda start"
#                   command is executed. The default is localhost:8000.
#
#   JPDA_SUSPEND    (Optional) Java runtime options used when the "jpda start"
#                   command is executed. Specifies whether JVM should suspend
#                   execution immediately after startup. Default is "n".
#
#   JPDA_OPTS       (Optional) Java runtime options used when the "jpda start"
#                   command is executed. If used, JPDA_TRANSPORT, JPDA_ADDRESS,
#                   and JPDA_SUSPEND are ignored. Thus, all required jpda
#                   options MUST be specified. The default is:
#
#                   -agentlib:jdwp=transport=$JPDA_TRANSPORT,
#                       address=$JPDA_ADDRESS,server=y,suspend=$JPDA_SUSPEND
#
#   JSSE_OPTS       (Optional) Java runtime options used to control the TLS
#                   implementation when JSSE is used. Default is:
#                   "-Djdk.tls.ephemeralDHKeySize=2048"
#
#   CATALINA_PID    (Optional) Path of the file which should contains the pid
#                   of the catalina startup java process, when start (fork) is
#                   used
#
#   CATALINA_LOGGING_CONFIG (Optional) Override Tomcat's logging config file
#                   Example (all one line)
#                   CATALINA_LOGGING_CONFIG="-Djava.util.logging.config.file=$CATALINA_BASE/conf/logging.properties"
#
#   LOGGING_CONFIG  Deprecated
#                   Use CATALINA_LOGGING_CONFIG
#                   This is only used if CATALINA_LOGGING_CONFIG is not set
#                   and LOGGING_CONFIG starts with "-D..."
#
#   LOGGING_MANAGER (Optional) Override Tomcat's logging manager
#                   Example (all one line)
#                   LOGGING_MANAGER="-Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager"
#
#   UMASK           (Optional) Override Tomcat's default UMASK of 0027
#
#   USE_NOHUP       (Optional) If set to the string true the start command will
#                   use nohup so that the Tomcat process will ignore any hangup
#                   signals. Default is "false" unless running on HP-UX in which
#                   case the default is "true"
# -----------------------------------------------------------------------------

# OS specific support.  $var _must_ be set to either true or false.
cygwin=false
darwin=false
os400=false
hpux=false
case "`uname`" in
CYGWIN*) cygwin=true;;
Darwin*) darwin=true;;
OS400*) os400=true;;
HP-UX*) hpux=true;;
esac

# resolve links - $0 may be a softlink
PRG="$0"

while [ -h "$PRG" ]; do
  ls=`ls -ld "$PRG"`
  link=`expr "$ls" : '.*-> \(.*\)$'`
  if expr "$link" : '/.*' > /dev/null; then
    PRG="$link"
  else
    PRG=`dirname "$PRG"`/"$link"
  fi
done

# Get standard environment variables
PRGDIR=`dirname "$PRG"`

# Only set CATALINA_HOME if not already set
[ -z "$CATALINA_HOME" ] && CATALINA_HOME=`cd "$PRGDIR/.." >/dev/null; pwd`

# Copy CATALINA_BASE from CATALINA_HOME if not already set
[ -z "$CATALINA_BASE" ] && CATALINA_BASE="$CATALINA_HOME"

# Ensure that any user defined CLASSPATH variables are not used on startup,
# but allow them to be specified in setenv.sh, in rare case when it is needed.
CLASSPATH=

if [ -r "$CATALINA_BASE/bin/setenv.sh" ]; then
  . "$CATALINA_BASE/bin/setenv.sh"
elif [ -r "$CATALINA_HOME/bin/setenv.sh" ]; then
  . "$CATALINA_HOME/bin/setenv.sh"
fi
```
You should see code in the form shown above.
```sh
#   USE_NOHUP       (Optional) If set to the string true the start command will
#                   use nohup so that the Tomcat process will ignore any hangup
#                   signals. Default is "false" unless running on HP-UX in which
#                   case the default is "true"
# -----------------------------------------------------------------------------

# OS specific support.  $var _must_ be set to either true or false.
cygwin=false
darwin=false
os400=false
hpux=false
case "`uname`" in
```
Find the part of the file where the code above appears.
Once you have found it,
there is a blank line between the
# ------ line and the
# OS specific line.
Put the Java option on that blank line:

```sh
JAVA_OPTS="$JAVA_OPTS -Dhttps.protocols=TLSv1.2 -Djdk.tls.client.protocols=TLSv1.2"
```
Strictly speaking, the part we actually need is just -Dhttps.protocols=TLSv1.2 -Djdk.tls.client.protocols=TLSv1.2,
but because JAVA_OPTS is sometimes also set in files such as setenv.sh, startup.sh or setclasspath.sh,
we write it in the form above so that any existing value of JAVA_OPTS is kept.
If you inserted the line correctly, the file should now look like this:
```sh
#
#   LOGGING_MANAGER (Optional) Override Tomcat's logging manager
#                   Example (all one line)
#                   LOGGING_MANAGER="-Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager"
#
#   UMASK           (Optional) Override Tomcat's default UMASK of 0027
#
#   USE_NOHUP       (Optional) If set to the string true the start command will
#                   use nohup so that the Tomcat process will ignore any hangup
#                   signals. Default is "false" unless running on HP-UX in which
#                   case the default is "true"
# -----------------------------------------------------------------------------

JAVA_OPTS="$JAVA_OPTS -Dhttps.protocols=TLSv1.2 -Djdk.tls.client.protocols=TLSv1.2"

# OS specific support.  $var _must_ be set to either true or false.
cygwin=false
darwin=false
os400=false
hpux=false
case "`uname`" in
CYGWIN*) cygwin=true;;
Darwin*) darwin=true;;
OS400*) os400=true;;
HP-UX*) hpux=true;;
esac
```
Now restart Tomcat and you are done.
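To confirm that the two properties actually reached the JVM and that it now offers only TLS 1.2, here is a small check class added for this post (not part of the original post or of Tomcat). Run it with the same JDK 1.7 that starts Tomcat and the same flags you added to catalina.sh; the optional host argument is an assumption of this example and only needed if you want to see a real handshake.

```java
import java.util.Arrays;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;

// Added verification class, not from the post. Example invocation:
//   javac TlsCheck.java
//   java -Dhttps.protocols=TLSv1.2 -Djdk.tls.client.protocols=TLSv1.2 TlsCheck [host]
// Without the flags a JDK 1.7 default SSLContext typically lists SSLv3/TLSv1;
// with them it should list only TLSv1.2.
public class TlsCheck {

    // Protocols the default SSLContext will offer to servers. The
    // jdk.tls.client.protocols property is what narrows this list
    // (honoured by the JDK 7 updates that backported it, 7u95 and later).
    static String[] defaultProtocols() throws Exception {
        return SSLContext.getDefault().getDefaultSSLParameters().getProtocols();
    }

    // Performs a real handshake with host:443 using the default socket
    // factory and returns the protocol version that was negotiated.
    static String negotiatedProtocol(String host) throws Exception {
        SSLSocketFactory factory = (SSLSocketFactory) SSLSocketFactory.getDefault();
        SSLSocket socket = (SSLSocket) factory.createSocket(host, 443);
        try {
            socket.startHandshake();
            return socket.getSession().getProtocol();
        } finally {
            socket.close();
        }
    }

    public static void main(String[] args) throws Exception {
        // Echo the properties so a JAVA_OPTS overwritten elsewhere (setenv.sh,
        // startup.sh, setclasspath.sh) shows up as "null" here.
        System.out.println("https.protocols          = " + System.getProperty("https.protocols"));
        System.out.println("jdk.tls.client.protocols = " + System.getProperty("jdk.tls.client.protocols"));
        System.out.println("default enabled protocols = " + Arrays.toString(defaultProtocols()));
        if (args.length > 0) {
            // Host is a placeholder supplied by the user; e.g. the server that
            // hosts the xsd files Tomcat failed to fetch.
            System.out.println("negotiated with " + args[0] + " = " + negotiatedProtocol(args[0]));
        }
    }
}
```

If the properties print as null inside the running Tomcat's environment, another script is setting JAVA_OPTS without the leading $JAVA_OPTS and is discarding the line you added.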
Environments differ, so this may not work for you; if it doesn't, I recommend falling back to the method of changing https to http.
I am not a Java developer, so I may not be able to give you a precise answer.