Affected versions:

Note
All versions of Cryptshare Server

Symptom:

When a page is requested from a Cryptshare Server over HTTP/1.0 (a request that carries no Host header), the redirect returned by the server reveals its internal IP address:

Code Block (bash): nc my.cryptshare.server 80
GET / HTTP/1.0

HTTP/1.1 302 Found
Date: Fri, 12 Jun 2015 07:43:06 GMT
X-Frame-Options: SAMEORIGIN
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Cache-Control: no-cache, no-store
Location: http://10.0.1.1/Start
Content-Length: 0

Cause:

HTTP/1.0 requests carry no Host header, so when Jetty builds the absolute URL for the redirect it has no host name to use and falls back to the server's own IP address instead.


Solution:

For each Jetty configuration file (User Interface and Administration Interface), an additional customizer must be added to both HTTP configurations (http and https).

  1. Open the Jetty XML configuration file that is to be changed:
    1. User Interface: 'resources/WEB-INF/ui-config.xml'
    2. Administration Interface: 'resources/WEB-INF/ai-config.xml'
  2. Introduce a 'New' tag for a HostHeaderCustomizer.
  3. Add a 'Call' tag for the new customizer in the httpConfig section.
  4. Add a 'Call' tag for the new customizer in the tlsHttpConfig section.
  5. Save the changes.
  6. Restart the Cryptshare Server.


Code Block (xml): ui/ai-config.xml (please edit your config files accordingly)
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE Configure PUBLIC "-//Jetty//Configure//EN" "resources/WEB-INF/configure.dtd">
<Configure id="Cryptshare" class="org.eclipse.jetty.server.Server">
	<New class="org.eclipse.jetty.server.HostHeaderCustomizer" id="hostHeaderCustomizer">
		<Arg>myServerName</Arg>
	</New>
	[...]
	<New id="httpConfig" class="org.eclipse.jetty.server.HttpConfiguration">
		[...]
		<Call name="addCustomizer">
			<Arg>
				<Ref refid="hostHeaderCustomizer" />
			</Arg>
		</Call>
	</New>
	<New id="tlsHttpConfig" class="org.eclipse.jetty.server.HttpConfiguration">
		[...]
		<Call name="addCustomizer">
			<Arg>
				<Ref refid="hostHeaderCustomizer" />
			</Arg>
		</Call>
	</New>
	[...]
</Configure>
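A post-change check, added here and not part of the original article: it sends the same HTTP/1.0 request as the nc session above and flags a Location header that still carries an IP literal (or any host other than the configured server name). The host name my.cryptshare.server and the sample response bytes are constructed placeholders.

```python
"""Verify that an HTTP/1.0 request no longer leaks the server's internal IP."""
import ipaddress
import socket
from urllib.parse import urlsplit


def parse_response(raw: bytes):
    """Split a raw HTTP response into (status line, {header-name: value})."""
    text = raw.decode("iso-8859-1")
    # Take only the header section; tolerate bare-LF line endings as well.
    head = text.split("\r\n\r\n", 1)[0] if "\r\n\r\n" in text else text.split("\n\n", 1)[0]
    lines = head.replace("\r\n", "\n").split("\n")
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return lines[0], headers


def location_leaks_ip(headers: dict, expected_host: str) -> bool:
    """True if the redirect target exposes an IP literal (or a host other than
    expected_host) instead of the configured public server name."""
    location = headers.get("location")
    if location is None:
        return False            # no redirect, nothing to leak
    host = urlsplit(location).hostname
    if host is None:
        return False            # relative redirect, no host at all
    try:
        ipaddress.ip_address(host)
        return True             # any bare IPv4/IPv6 literal counts as a leak
    except ValueError:
        return host.lower() != expected_host.lower()


def probe(host: str, port: int = 80, timeout: float = 5.0) -> bytes:
    """Send 'GET / HTTP/1.0' without a Host header and return the raw reply."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(b"GET / HTTP/1.0\r\n\r\n")
        chunks = []
        while True:
            data = sock.recv(4096)
            if not data:
                break
            chunks.append(data)
    return b"".join(chunks)


if __name__ == "__main__":
    # Constructed sample: the leaking reply from the article's nc session.
    _, hdrs = parse_response(b"HTTP/1.1 302 Found\r\nLocation: http://10.0.1.1/Start\r\n\r\n")
    print("leaks internal IP:", location_leaks_ip(hdrs, "my.cryptshare.server"))
```

Replace the constructed bytes with `probe("my.cryptshare.server")` to run the check against a live server after the restart.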



Panel: Example config files

These are example configuration files; check that they fit your environment (passwords, cipher suites, ports, names...).

Please remember to change YourServerName to the name of your server.

Code Block (xml): ai-config.xml with deactivated HTTP 1.0
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE Configure PUBLIC "-//Jetty//Configure//EN" "resources/WEB-INF/configure.dtd">
<Configure id="Cryptshare" class="org.eclipse.jetty.server.Server">
	<New class="org.eclipse.jetty.server.HostHeaderCustomizer" id="hostHeaderCustomizer">
		<Arg>YourServerName</Arg>
	</New>
	<New id="sslContextFactory" class="com.befinesolutions.cryptshare.server.CSSSLContextFactory">
		<Set name="KeyStorePath">lib/security/keystore</Set>
		<Set name="KeyStorePassword">CA0AZhuFM4NogQh</Set>
		<Set name="KeyManagerPassword">CA0AZhuFM4NogQh</Set>
		<Set name="TrustStorePath">
			<SystemProperty name="java.home" default="."/>/lib/security/cacerts
		</Set>
		<Set name="TrustStorePassword">changeit</Set>
		<Set name="protocol">TLSv1.2</Set>
		<Set name="renegotiationAllowed">false</Set>
		<Set name="includeProtocols">
			<Array type="java.lang.String">
				<Item>TLSv1.2</Item>
			</Array>
		</Set>
		<Set name="excludeProtocols">
			<Array type="java.lang.String">
				<Item>SSLv3</Item>
				<Item>SSLv2Hello</Item>
				<Item>TLSv1</Item>
				<Item>TLSv1.1</Item>
			</Array>
		</Set>
		<Set name="includeCipherSuites">
			<Array type="java.lang.String">
				<Item>TLS_ECDHE.*</Item>
			</Array>
		</Set>
		<Set name="excludeCipherSuites">
			<Array type="java.lang.String">
				<Item>.*NULL.*</Item>
				<Item>.*RC4.*</Item>
				<Item>.*MD5.*</Item>
				<Item>.*DES.*</Item>
				<Item>.*DSS.*</Item>
				<Item>TLS_RSA.*</Item>
				<Item>TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA</Item>
				<Item>TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA</Item>
				<Item>TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA</Item>
				<Item>TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA</Item>
			</Array>
		</Set>
	</New>
	<New id="httpConfig" class="org.eclipse.jetty.server.HttpConfiguration">
		<Set name="secureScheme">https</Set>
		<Set name="securePort">
			<SystemProperty name="cryptshare.ai.https.port" default="8080"/>
		</Set>
		<Set name="outputBufferSize">32768</Set>
		<Set name="requestHeaderSize">8192</Set>
		<Set name="responseHeaderSize">8192</Set>
		<Set name="sendServerVersion">
			<Property name="jetty.send.server.version" default="true"/>
		</Set>
		<Call name="addCustomizer">
			<Arg>
				<Ref refid="hostHeaderCustomizer" />
			</Arg>
		</Call>
	</New>
	<New id="tlsHttpConfig" class="org.eclipse.jetty.server.HttpConfiguration">
		<Arg>
			<Ref refid="httpConfig"/>
		</Arg>
		<Call name="addCustomizer">
			<Arg>
				<New class="org.eclipse.jetty.server.SecureRequestCustomizer"/>
			</Arg>
		</Call>
		<Call name="addCustomizer">
			<Arg>
				<Ref refid="hostHeaderCustomizer" />
			</Arg>
		</Call>
	</New>
	<Call name="addConnector">
		<Arg>
			<New class="org.eclipse.jetty.server.ServerConnector">
				<Arg name="server">
					<Ref refid="Cryptshare"/>
				</Arg>
				<Arg name="factories">
					<Array type="org.eclipse.jetty.server.ConnectionFactory">
						<Item>
							<New class="org.eclipse.jetty.server.HttpConnectionFactory">
								<Arg name="config">
									<Ref refid="httpConfig"/>
								</Arg>
							</New>
						</Item>
					</Array>
				</Arg>
				<Set name="host">
					<Property name="jetty.host"/>
				</Set>
				<Set name="port">
					<SystemProperty name="cryptshare.ai.http.port" default="9090"/>
				</Set>
				<Set name="idleTimeout">
					<Property name="http.timeout" default="10000"/>
				</Set>
				<Set name="soLingerTime">
					<Property name="http.soLingerTime" default="-1"/>
				</Set>
			</New>
		</Arg>
	</Call>
	<Call id="sslConnector" name="addConnector">
		<Arg>
			<New class="org.eclipse.jetty.server.ServerConnector">
				<Arg name="server">
					<Ref refid="Cryptshare"/>
				</Arg>
				<Arg name="factories">
					<Array type="org.eclipse.jetty.server.ConnectionFactory">
						<Item>
							<New class="org.eclipse.jetty.server.SslConnectionFactory">
								<Arg name="next">http/1.1</Arg>
								<Arg name="sslContextFactory">
									<Ref refid="sslContextFactory"/>
								</Arg>
							</New>
						</Item>
						<Item>
							<New class="org.eclipse.jetty.server.HttpConnectionFactory">
								<Arg name="config">
									<Ref refid="tlsHttpConfig"/>
								</Arg>
							</New>
						</Item>
					</Array>
				</Arg>
				<Set name="host">
					<Property name="jetty.host"/>
				</Set>
				<Set name="port">
					<SystemProperty name="cryptshare.ai.https.port" default="8080"/>
				</Set>
				<Set name="idleTimeout">
					<Property name="http.timeout" default="10000"/>
				</Set>
				<Set name="soLingerTime">
					<Property name="http.soLingerTime" default="-1"/>
				</Set>
			</New>
		</Arg>
	</Call>
</Configure>
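A configuration audit, added here and not part of the original article or the Cryptshare product: it parses a Jetty XML file like the ones above and reports whether a HostHeaderCustomizer is declared, whether its host name is still the YourServerName placeholder, and whether both httpConfig and tlsHttpConfig carry their own addCustomizer call for it. The embedded sample config is a constructed, trimmed copy of the skeleton shown in this article.

```python
"""Audit a Cryptshare Jetty XML config for the HostHeaderCustomizer wiring."""
import xml.etree.ElementTree as ET

HOST_HEADER_CUSTOMIZER = "org.eclipse.jetty.server.HostHeaderCustomizer"
HTTP_CONFIGURATION = "org.eclipse.jetty.server.HttpConfiguration"
PLACEHOLDER = "YourServerName"   # placeholder host name used in the article's sample files


def audit_config(xml_text: str) -> dict:
    """Return {"customizer_host": str|None, "httpConfig": bool, "tlsHttpConfig": bool}.

    A section counts as wired only if it contains its own <Call name="addCustomizer">
    referencing a HostHeaderCustomizer, as the article instructs for both sections."""
    root = ET.fromstring(xml_text)
    customizers = {}                                   # id -> configured host name
    for new in root.iter("New"):
        if new.get("class") == HOST_HEADER_CUSTOMIZER and new.get("id"):
            arg = new.find("Arg")
            customizers[new.get("id")] = (arg.text or "").strip() if arg is not None else ""
    report = {"customizer_host": next(iter(customizers.values()), None),
              "httpConfig": False, "tlsHttpConfig": False}
    for new in root.iter("New"):
        section = new.get("id")
        if new.get("class") != HTTP_CONFIGURATION or section not in report:
            continue
        for call in new.findall("Call"):
            if call.get("name") != "addCustomizer":
                continue
            refs = {ref.get("refid") for ref in call.iter("Ref")}
            if refs & set(customizers):
                report[section] = True
    return report


def is_fixed(report: dict) -> bool:
    """True only when a real host name is set and both sections use the customizer."""
    host = report["customizer_host"]
    return bool(host) and host != PLACEHOLDER and report["httpConfig"] and report["tlsHttpConfig"]


# Constructed sample: the article's skeleton with the customizer wired into both sections.
SAMPLE_FIXED = """<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE Configure PUBLIC "-//Jetty//Configure//EN" "resources/WEB-INF/configure.dtd">
<Configure id="Cryptshare" class="org.eclipse.jetty.server.Server">
 <New class="org.eclipse.jetty.server.HostHeaderCustomizer" id="hostHeaderCustomizer"><Arg>files.example.test</Arg></New>
 <New id="httpConfig" class="org.eclipse.jetty.server.HttpConfiguration">
  <Call name="addCustomizer"><Arg><Ref refid="hostHeaderCustomizer"/></Arg></Call></New>
 <New id="tlsHttpConfig" class="org.eclipse.jetty.server.HttpConfiguration"><Arg><Ref refid="httpConfig"/></Arg>
  <Call name="addCustomizer"><Arg><New class="org.eclipse.jetty.server.SecureRequestCustomizer"/></Arg></Call>
  <Call name="addCustomizer"><Arg><Ref refid="hostHeaderCustomizer"/></Arg></Call></New>
</Configure>"""

if __name__ == "__main__":
    print(audit_config(SAMPLE_FIXED), is_fixed(audit_config(SAMPLE_FIXED)))
```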


Code Block (xml): ui-config.xml with deactivated HTTP 1.0
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE Configure PUBLIC "-//Jetty//Configure//EN" "resources/WEB-INF/configure.dtd">
<Configure id="Cryptshare" class="org.eclipse.jetty.server.Server">
	<New class="org.eclipse.jetty.server.HostHeaderCustomizer" id="hostHeaderCustomizer">
		<Arg>YourServerName</Arg>
	</New>
	<Arg name="threadpool">
		<New class="org.eclipse.jetty.util.thread.QueuedThreadPool">
			<Arg name="minThreads" type="int">5</Arg>
			<Arg name="maxThreads" type="int">25</Arg>
			<Arg name="idleTimeout" type="int">1000</Arg>
			<Arg name="queue">
				<New class="java.util.concurrent.ArrayBlockingQueue">
					<Arg type="int">200</Arg>
				</New>
			</Arg>
		</New>
	</Arg>
	<New id="sslContextFactory" class="com.befinesolutions.cryptshare.server.CSSSLContextFactory">
		<Set name="KeyStorePath">lib/security/keystore</Set>
		<Set name="KeyStorePassword">CA0AZhuFM4NogQh</Set>
		<Set name="KeyManagerPassword">CA0AZhuFM4NogQh</Set>
		<Set name="TrustStorePath">
			<SystemProperty name="java.home" default="."/>/lib/security/cacerts
		</Set>
		<Set name="TrustStorePassword">changeit</Set>
		<Set name="protocol">TLSv1.2</Set>
		<Set name="renegotiationAllowed">false</Set>
		<Set name="includeProtocols">
			<Array type="java.lang.String">
				<Item>TLSv1.2</Item>
			</Array>
		</Set>
		<Set name="excludeProtocols">
			<Array type="java.lang.String">
				<Item>SSLv3</Item>
				<Item>SSLv2Hello</Item>
				<Item>TLSv1</Item>
				<Item>TLSv1.1</Item>
			</Array>
		</Set>
		<Set name="includeCipherSuites">
			<Array type="java.lang.String">
				<Item>TLS_ECDHE.*</Item>
			</Array>
		</Set>
		<Set name="excludeCipherSuites">
			<Array type="java.lang.String">
				<Item>.*NULL.*</Item>
				<Item>.*RC4.*</Item>
				<Item>.*MD5.*</Item>
				<Item>.*DES.*</Item>
				<Item>.*DSS.*</Item>
				<Item>TLS_RSA.*</Item>
				<Item>TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA</Item>
				<Item>TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA</Item>
				<Item>TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA</Item>
				<Item>TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA</Item>
			</Array>
		</Set>
	</New>
	<New id="httpConfig" class="org.eclipse.jetty.server.HttpConfiguration">
		<Set name="secureScheme">https</Set>
		<Set name="securePort">
			<SystemProperty name="cryptshare.ui.https.port" default="443"/>
		</Set>
		<Set name="outputBufferSize">32768</Set>
		<Set name="requestHeaderSize">8192</Set>
		<Set name="responseHeaderSize">8192</Set>
		<Set name="sendServerVersion">
			<Property name="jetty.send.server.version" default="true"/>
		</Set>
		<Call name="addCustomizer">
			<Arg>
				<Ref refid="hostHeaderCustomizer" />
			</Arg>
		</Call>
	</New>
	<New id="tlsHttpConfig" class="org.eclipse.jetty.server.HttpConfiguration">
		<Arg>
			<Ref refid="httpConfig"/>
		</Arg>
		<Call name="addCustomizer">
			<Arg>
				<New class="org.eclipse.jetty.server.SecureRequestCustomizer"/>
			</Arg>
		</Call>
		<Call name="addCustomizer">
			<Arg>
				<Ref refid="hostHeaderCustomizer" />
			</Arg>
		</Call>
	</New>
	<Call name="addConnector">
		<Arg>
			<New class="org.eclipse.jetty.server.ServerConnector">
				<Arg name="server">
					<Ref refid="Cryptshare"/>
				</Arg>
				<Arg name="factories">
					<Array type="org.eclipse.jetty.server.ConnectionFactory">
						<Item>
							<New class="org.eclipse.jetty.server.HttpConnectionFactory">
								<Arg name="config">
									<Ref refid="httpConfig"/>
								</Arg>
							</New>
						</Item>
					</Array>
				</Arg>
				<Set name="host">
					<Property name="jetty.host"/>
				</Set>
				<Set name="port">
					<SystemProperty name="cryptshare.ui.http.port" default="80"/>
				</Set>
				<Set name="idleTimeout">
					<Property name="http.timeout" default="15000"/>
				</Set>
				<Set name="soLingerTime">
					<Property name="http.soLingerTime" default="-1"/>
				</Set>
			</New>
		</Arg>
	</Call>
	<Call id="sslConnector" name="addConnector">
		<Arg>
			<New class="org.eclipse.jetty.server.ServerConnector">
				<Arg name="server">
					<Ref refid="Cryptshare"/>
				</Arg>
				<Arg name="factories">
					<Array type="org.eclipse.jetty.server.ConnectionFactory">
						<Item>
							<New class="org.eclipse.jetty.server.SslConnectionFactory">
								<Arg name="next">http/1.1</Arg>
								<Arg name="sslContextFactory">
									<Ref refid="sslContextFactory"/>
								</Arg>
							</New>
						</Item>
						<Item>
							<New class="org.eclipse.jetty.server.HttpConnectionFactory">
								<Arg name="config">
									<Ref refid="tlsHttpConfig"/>
								</Arg>
							</New>
						</Item>
					</Array>
				</Arg>
				<Set name="host">
					<Property name="jetty.host"/>
				</Set>
				<Set name="port">
					<SystemProperty name="cryptshare.ui.https.port" default="443"/>
				</Set>
				<Set name="idleTimeout">
					<Property name="http.timeout" default="15000"/>
				</Set>
				<Set name="soLingerTime">
					<Property name="http.soLingerTime" default="-1"/>
				</Set>
			</New>
		</Arg>
	</Call>
</Configure>