Affects:

All versions of Cryptshare Server

Symptom:

When requesting a page from a Cryptshare Server, the internal IP address of the server is revealed:

GET / HTTP/1.0

HTTP/1.1 302 Found
Date: Fri, 12 Jun 2015 07:43:06 GMT
X-Frame-Options: SAMEORIGIN
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Cache-Control: no-cache, no-store
Location: http://10.0.1.1/Start
Content-Length: 0

Cause:

HTTP/1.0 does not define the Host header, so a request can arrive without one. The Jetty server then uses the server IP address instead, as seen in the Location header of the redirect above.


Solution:

For each Jetty configuration file (User Interface and Administration Interface), an additional customizer must be added to both HTTP configurations (http and https).

  1. open the Jetty XML configuration file for which the configuration shall be made
    1. user Interface: 'resources/WEB-INF/ui-config.xml'
    2. administration Interface: 'resources/WEB-INF/ai-config.xml'
  2. introduce a 'New'-Tag for a HostHeaderCustomizer
  3. add a 'Call'-Tag for the new customizer for httpConfig-section
  4. add a 'Call'-Tag for the new customizer for tlsHttpConfig-section
  5. save changes
  6. restart Cryptshare Server


<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE Configure PUBLIC "-//Jetty//Configure//EN" "resources/WEB-INF/configure.dtd">
<!-- Excerpt, not a complete file: each "[...]" stands for existing configuration that is left
     as it is. Only the New element for the customizer and the two Call elements are added. -->
<Configure id="Cryptshare" class="org.eclipse.jetty.server.Server">
	<!-- Declares one HostHeaderCustomizer under the id that the two Ref elements below point to.
	     The Arg is the server name; replace myServerName with the name clients should see
	     instead of the server's internal IP address. -->
	<New class="org.eclipse.jetty.server.HostHeaderCustomizer" id="hostHeaderCustomizer">
        <Arg>myServerName</Arg>
    </New>
    [...]
     <!-- HTTP configuration: register the customizer declared above. -->
     <New id="httpConfig" class="org.eclipse.jetty.server.HttpConfiguration">
        [...]
        <Call name="addCustomizer">
            <Arg>
                <Ref refid="hostHeaderCustomizer" />
            </Arg>
        </Call>
     </New>
     <!-- HTTPS configuration: register the same customizer instance here as well. -->
     <New id="tlsHttpConfig" class="org.eclipse.jetty.server.HttpConfiguration">
        [...]
        <Call name="addCustomizer">
            <Arg>
                <Ref refid="hostHeaderCustomizer" />
            </Arg>
        </Call>
     </New>
     [...]
</Configure>



These are example config files. Check that they fit your environment (passwords, cipher suites, ports, names, ...) before using them.

Please remember to change YourServerName to the Name of your Server.

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE Configure PUBLIC "-//Jetty//Configure//EN" "resources/WEB-INF/configure.dtd">
<!-- Complete example. The cryptshare.ai.* port properties suggest this is the Administration
     Interface file (resources/WEB-INF/ai-config.xml); confirm before copying. -->
<Configure id="Cryptshare" class="org.eclipse.jetty.server.Server">
	<!-- Customizer that gives requests arriving without a Host header (e.g. HTTP/1.0) a fixed
	     server name, so redirects no longer fall back to the internal IP address.
	     YourServerName is a placeholder and must be replaced.
	     NOTE(review): only a name is passed here, and this file defaults to ports 9090/8080.
	     Check that a redirect produced for a request without a Host header still carries the
	     right port; HostHeaderCustomizer also has a (serverName, serverPort) constructor. -->
	<New class="org.eclipse.jetty.server.HostHeaderCustomizer" id="hostHeaderCustomizer">
		<Arg>YourServerName</Arg>
	</New>
	<!-- TLS settings referenced by the HTTPS connector at the end of this file.
	     NOTE(review): KeyStorePassword and KeyManagerPassword are literal values in this file, and
	     TrustStorePassword is "changeit", the stock password of the JRE cacerts file. Use the
	     values of your own keystores and keep this file readable only by the account that runs
	     the server. -->
	<New id="sslContextFactory" class="com.befinesolutions.cryptshare.server.CSSSLContextFactory">
		<Set name="KeyStorePath">lib/security/keystore</Set>
		<Set name="KeyStorePassword">CA0AZhuFM4NogQh</Set>
		<Set name="KeyManagerPassword">CA0AZhuFM4NogQh</Set>
		<Set name="TrustStorePath">
			<SystemProperty name="java.home" default="."/>/lib/security/cacerts
		</Set>
		<Set name="TrustStorePassword">changeit</Set>
		<Set name="protocol">TLSv1.2</Set>
		<Set name="renegotiationAllowed">false</Set>
        <!-- Protocol selection: TLSv1.2 is the only protocol included; SSLv3, SSLv2Hello, TLSv1
             and TLSv1.1 are also excluded explicitly. -->
        <Set name="includeProtocols">
            <Array type="java.lang.String">
                <Item>TLSv1.2</Item>
            </Array>
        </Set>
        <Set name="excludeProtocols">
            <Array type="java.lang.String">
                <Item>SSLv3</Item>
                <Item>SSLv2Hello</Item>
                <Item>TLSv1</Item>
                <Item>TLSv1.1</Item>
            </Array>
        </Set>
        <!-- Cipher suites: the entries are written as patterns. Only TLS_ECDHE suites are included. -->
        <Set name="includeCipherSuites">
            <Array type="java.lang.String">
                <Item>TLS_ECDHE.*</Item>
            </Array>
        </Set>
        <!-- Excluded: NULL, RC4, MD5, DES (the pattern also matches 3DES names), DSS, suites starting
             with TLS_RSA, and four ECDHE suites that use AES-CBC with a SHA-1 MAC.
             NOTE(review): ECDHE CBC suites with SHA256/SHA384 are not listed here and presumably
             stay enabled if the JVM offers them; decide whether only GCM suites should remain. -->
        <Set name="excludeCipherSuites">
            <Array type="java.lang.String">
                <Item>.*NULL.*</Item>
                <Item>.*RC4.*</Item>
                <Item>.*MD5.*</Item>
                <Item>.*DES.*</Item>
                <Item>.*DSS.*</Item>
                <Item>TLS_RSA.*</Item>
				<Item>TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA</Item>
				<Item>TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA</Item>
				<Item>TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA</Item>
				<Item>TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA</Item>
            </Array>
        </Set>
	</New>
	<!-- HTTP settings used by the plain-HTTP connector and passed to tlsHttpConfig as its
	     constructor argument. securePort reads cryptshare.ai.https.port (default 8080). -->
	<New id="httpConfig" class="org.eclipse.jetty.server.HttpConfiguration">
		<Set name="secureScheme">https</Set>
		<Set name="securePort">
			<SystemProperty name="cryptshare.ai.https.port" default="8080"/>
		</Set>
		<Set name="outputBufferSize">32768</Set>
		<Set name="requestHeaderSize">8192</Set>
		<Set name="responseHeaderSize">8192</Set>
		<!-- NOTE(review): the default is "true", so the server version is presumably sent in
		     response headers unless jetty.send.server.version is set to false. This article is
		     about information disclosure, so consider turning it off. -->
		<Set name="sendServerVersion">
			<Property name="jetty.send.server.version" default="true"/>
		</Set>
		<!-- The fix from this article: register the HostHeaderCustomizer for plain HTTP. -->
		<Call name="addCustomizer">
			<Arg>
				<Ref refid="hostHeaderCustomizer" />
			</Arg>
		</Call>
	</New>
	<!-- HTTP settings for the TLS connector: constructed from httpConfig, then given a
	     SecureRequestCustomizer and the HostHeaderCustomizer.
	     NOTE(review): httpConfig already has the HostHeaderCustomizer. If the constructor copies
	     the customizer list (confirm for your Jetty version), it ends up registered twice here,
	     which looks redundant but harmless. -->
	<New id="tlsHttpConfig" class="org.eclipse.jetty.server.HttpConfiguration">
		<Arg>
			<Ref refid="httpConfig"/>
		</Arg>
		<Call name="addCustomizer">
			<Arg>
				<New class="org.eclipse.jetty.server.SecureRequestCustomizer"/>
			</Arg>
		</Call>
		<Call name="addCustomizer">
			<Arg>
				<Ref refid="hostHeaderCustomizer" />
			</Arg>
		</Call>
	</New>
	<!-- Plain-HTTP connector: one HttpConnectionFactory using httpConfig, listening on
	     cryptshare.ai.http.port (default 9090).
	     NOTE(review): jetty.host has no default here. If it is unset the connector presumably
	     listens on all interfaces; confirm, and decide whether a cleartext listener for this
	     interface should be reachable at all. -->
	<Call name="addConnector">
		<Arg>
			<New class="org.eclipse.jetty.server.ServerConnector">
				<Arg name="server">
					<Ref refid="Cryptshare"/>
				</Arg>
				<Arg name="factories">
					<Array type="org.eclipse.jetty.server.ConnectionFactory">
						<Item>
							<New class="org.eclipse.jetty.server.HttpConnectionFactory">
								<Arg name="config">
									<Ref refid="httpConfig"/>
								</Arg>
							</New>
						</Item>
					</Array>
				</Arg>
				<Set name="host">
					<Property name="jetty.host"/>
				</Set>
				<Set name="port">
					<SystemProperty name="cryptshare.ai.http.port" default="9090"/>
				</Set>
				<!-- presumably milliseconds; confirm against your Jetty version -->
				<Set name="idleTimeout">
					<Property name="http.timeout" default="10000"/>
				</Set>
				<Set name="soLingerTime">
					<Property name="http.soLingerTime" default="-1"/>
				</Set>
			</New>
		</Arg>
	</Call>
	<!-- HTTPS connector: an SslConnectionFactory (using sslContextFactory, handing over to
	     http/1.1) followed by an HttpConnectionFactory using tlsHttpConfig. It listens on
	     cryptshare.ai.https.port (default 8080). -->
	<Call id="sslConnector" name="addConnector">
		<Arg>
			<New class="org.eclipse.jetty.server.ServerConnector">
				<Arg name="server">
					<Ref refid="Cryptshare"/>
				</Arg>
				<Arg name="factories">
					<Array type="org.eclipse.jetty.server.ConnectionFactory">
						<Item>
							<New class="org.eclipse.jetty.server.SslConnectionFactory">
								<Arg name="next">http/1.1</Arg>
								<Arg name="sslContextFactory">
									<Ref refid="sslContextFactory"/>
								</Arg>
							</New>
						</Item>
						<Item>
							<New class="org.eclipse.jetty.server.HttpConnectionFactory">
								<Arg name="config">
									<Ref refid="tlsHttpConfig"/>
								</Arg>
							</New>
						</Item>
					</Array>
				</Arg>
				<Set name="host">
					<Property name="jetty.host"/>
				</Set>
				<Set name="port">
					<SystemProperty name="cryptshare.ai.https.port" default="8080"/>
				</Set>
				<Set name="idleTimeout">
					<Property name="http.timeout" default="10000"/>
				</Set>
				<Set name="soLingerTime">
					<Property name="http.soLingerTime" default="-1"/>
				</Set>
			</New>
		</Arg>
	</Call>
</Configure>


<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE Configure PUBLIC "-//Jetty//Configure//EN" "resources/WEB-INF/configure.dtd">
<!-- Complete example. The cryptshare.ui.* port properties suggest this is the User Interface
     file (resources/WEB-INF/ui-config.xml); confirm before copying. -->
<Configure id="Cryptshare" class="org.eclipse.jetty.server.Server">
	<!-- Customizer that gives requests arriving without a Host header (e.g. HTTP/1.0) a fixed
	     server name, so redirects no longer fall back to the internal IP address.
	     YourServerName is a placeholder and must be replaced. -->
	<New class="org.eclipse.jetty.server.HostHeaderCustomizer" id="hostHeaderCustomizer">
		<Arg>YourServerName</Arg>
	</New>
	<!-- Server thread pool: 5 to 25 threads, idleTimeout 1000, with a job queue bounded at 200
	     entries (ArrayBlockingQueue). The bound caps how much work can pile up under load. -->
	<Arg name="threadpool">
		<New class="org.eclipse.jetty.util.thread.QueuedThreadPool">
			<Arg name="minThreads" type="int">5</Arg>
			<Arg name="maxThreads" type="int">25</Arg>
			<Arg name="idleTimeout" type="int">1000</Arg>
			<Arg name="queue">
				<New class="java.util.concurrent.ArrayBlockingQueue">
					<Arg type="int">200</Arg>
				</New>
			</Arg>
		</New>
	</Arg>
	<!-- TLS settings referenced by the HTTPS connector at the end of this file.
	     NOTE(review): KeyStorePassword and KeyManagerPassword are literal values in this file, and
	     TrustStorePassword is "changeit", the stock password of the JRE cacerts file. Use the
	     values of your own keystores and keep this file readable only by the account that runs
	     the server. -->
	<New id="sslContextFactory" class="com.befinesolutions.cryptshare.server.CSSSLContextFactory">
		<Set name="KeyStorePath">lib/security/keystore</Set>
		<Set name="KeyStorePassword">CA0AZhuFM4NogQh</Set>
		<Set name="KeyManagerPassword">CA0AZhuFM4NogQh</Set>
		<Set name="TrustStorePath">
			<SystemProperty name="java.home" default="."/>/lib/security/cacerts
		</Set>
		<Set name="TrustStorePassword">changeit</Set>
		<Set name="protocol">TLSv1.2</Set>
		<Set name="renegotiationAllowed">false</Set>
        <!-- Protocol selection: TLSv1.2 is the only protocol included; SSLv3, SSLv2Hello, TLSv1
             and TLSv1.1 are also excluded explicitly. -->
        <Set name="includeProtocols">
            <Array type="java.lang.String">
                <Item>TLSv1.2</Item>
            </Array>
        </Set>
        <Set name="excludeProtocols">
            <Array type="java.lang.String">
                <Item>SSLv3</Item>
                <Item>SSLv2Hello</Item>
                <Item>TLSv1</Item>
                <Item>TLSv1.1</Item>
            </Array>
        </Set>
        <!-- Cipher suites: the entries are written as patterns. Only TLS_ECDHE suites are included. -->
        <Set name="includeCipherSuites">
            <Array type="java.lang.String">
                <Item>TLS_ECDHE.*</Item>
            </Array>
        </Set>
        <!-- Excluded: NULL, RC4, MD5, DES (the pattern also matches 3DES names), DSS, suites starting
             with TLS_RSA, and four ECDHE suites that use AES-CBC with a SHA-1 MAC.
             NOTE(review): ECDHE CBC suites with SHA256/SHA384 are not listed here and presumably
             stay enabled if the JVM offers them; decide whether only GCM suites should remain. -->
        <Set name="excludeCipherSuites">
            <Array type="java.lang.String">
                <Item>.*NULL.*</Item>
                <Item>.*RC4.*</Item>
                <Item>.*MD5.*</Item>
                <Item>.*DES.*</Item>
                <Item>.*DSS.*</Item>
                <Item>TLS_RSA.*</Item>
				<Item>TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA</Item>
				<Item>TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA</Item>
				<Item>TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA</Item>
				<Item>TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA</Item>
            </Array>
        </Set>
	</New>
	<!-- HTTP settings used by the plain-HTTP connector and passed to tlsHttpConfig as its
	     constructor argument. securePort reads cryptshare.ui.https.port (default 443). -->
	<New id="httpConfig" class="org.eclipse.jetty.server.HttpConfiguration">
		<Set name="secureScheme">https</Set>
		<Set name="securePort">
			<SystemProperty name="cryptshare.ui.https.port" default="443"/>
		</Set>
		<Set name="outputBufferSize">32768</Set>
		<Set name="requestHeaderSize">8192</Set>
		<Set name="responseHeaderSize">8192</Set>
		<!-- NOTE(review): the default is "true", so the server version is presumably sent in
		     response headers unless jetty.send.server.version is set to false. This article is
		     about information disclosure, so consider turning it off. -->
		<Set name="sendServerVersion">
			<Property name="jetty.send.server.version" default="true"/>
		</Set>
		<!-- The fix from this article: register the HostHeaderCustomizer for plain HTTP. -->
		<Call name="addCustomizer">
			<Arg>
				<Ref refid="hostHeaderCustomizer" />
			</Arg>
		</Call>
	</New>
	<!-- HTTP settings for the TLS connector: constructed from httpConfig, then given a
	     SecureRequestCustomizer and the HostHeaderCustomizer.
	     NOTE(review): httpConfig already has the HostHeaderCustomizer. If the constructor copies
	     the customizer list (confirm for your Jetty version), it ends up registered twice here,
	     which looks redundant but harmless. -->
	<New id="tlsHttpConfig" class="org.eclipse.jetty.server.HttpConfiguration">
		<Arg>
			<Ref refid="httpConfig"/>
		</Arg>
		<Call name="addCustomizer">
			<Arg>
				<New class="org.eclipse.jetty.server.SecureRequestCustomizer"/>
			</Arg>
		</Call>
		<Call name="addCustomizer">
			<Arg>
				<Ref refid="hostHeaderCustomizer" />
			</Arg>
		</Call>
	</New>
	<!-- Plain-HTTP connector: one HttpConnectionFactory using httpConfig, listening on
	     cryptshare.ui.http.port (default 80).
	     NOTE(review): jetty.host has no default here. If it is unset the connector presumably
	     listens on all interfaces; confirm that this matches the intended exposure. -->
	<Call name="addConnector">
		<Arg>
			<New class="org.eclipse.jetty.server.ServerConnector">
				<Arg name="server">
					<Ref refid="Cryptshare"/>
				</Arg>
				<Arg name="factories">
					<Array type="org.eclipse.jetty.server.ConnectionFactory">
						<Item>
							<New class="org.eclipse.jetty.server.HttpConnectionFactory">
								<Arg name="config">
									<Ref refid="httpConfig"/>
								</Arg>
							</New>
						</Item>
					</Array>
				</Arg>
				<Set name="host">
					<Property name="jetty.host"/>
				</Set>
				<Set name="port">
					<SystemProperty name="cryptshare.ui.http.port" default="80"/>
				</Set>
				<!-- presumably milliseconds; confirm against your Jetty version -->
				<Set name="idleTimeout">
					<Property name="http.timeout" default="15000"/>
				</Set>
				<Set name="soLingerTime">
					<Property name="http.soLingerTime" default="-1"/>
				</Set>
			</New>
		</Arg>
	</Call>
	<!-- HTTPS connector: an SslConnectionFactory (using sslContextFactory, handing over to
	     http/1.1) followed by an HttpConnectionFactory using tlsHttpConfig. It listens on
	     cryptshare.ui.https.port (default 443). -->
	<Call id="sslConnector" name="addConnector">
		<Arg>
			<New class="org.eclipse.jetty.server.ServerConnector">
				<Arg name="server">
					<Ref refid="Cryptshare"/>
				</Arg>
				<Arg name="factories">
					<Array type="org.eclipse.jetty.server.ConnectionFactory">
						<Item>
							<New class="org.eclipse.jetty.server.SslConnectionFactory">
								<Arg name="next">http/1.1</Arg>
								<Arg name="sslContextFactory">
									<Ref refid="sslContextFactory"/>
								</Arg>
							</New>
						</Item>
						<Item>
							<New class="org.eclipse.jetty.server.HttpConnectionFactory">
								<Arg name="config">
									<Ref refid="tlsHttpConfig"/>
								</Arg>
							</New>
						</Item>
					</Array>
				</Arg>
				<Set name="host">
					<Property name="jetty.host"/>
				</Set>
				<Set name="port">
					<SystemProperty name="cryptshare.ui.https.port" default="443"/>
				</Set>
				<Set name="idleTimeout">
					<Property name="http.timeout" default="15000"/>
				</Set>
				<Set name="soLingerTime">
					<Property name="http.soLingerTime" default="-1"/>
				</Set>
			</New>
		</Arg>
	</Call>
</Configure>