Enhance Web Server Security

In Control Center web server(Jetty) start.ini file, the following variables are set as below. If needed, <<CCInstallDir>>/web/ccbase/start.ini can be modified as needed. The changes will be retained even after the upgrade.

  • jetty.sslContext.sniRequired:

    Server Name Indication is an extension of the Transport Layer Security (TLS) protocol, which allows a client to indicate which hostname it is attempting to connect to at the start of the handshaking process. This is particularly useful when a server hosts multiple domains with different SSL certificates on a single IP address. jetty.sslContext.sniRequired=false would likely mean that the Jetty server will not strictly require clients to send an SNI extension during the SSL/TLS handshake.

  • jetty.ssl.sniRequired=false:

    The property jetty.ssl.sniRequired=false configures the Jetty server to not strictly require Server Name Indication (SNI) during the SSL/TLS handshake.

  • jetty.ssl.sniHostCheck=false:

    The property jetty.ssl.sniHostCheck=false in Jetty server configuration disables host name checking for Server Name Indication (SNI) during SSL/TLS handshakes.