remove cipher settings that are included in jar with 26.1

labkey-willm · labkey-willm · commit c6ab801e4ebd · 2025-12-05T12:54:47.000-08:00
diff --git a/Dockerfile b/Dockerfile
@@ -77,10 +77,6 @@ ENV DEBUG="${DEBUG}" \
     TOMCAT_KEYSTORE_FORMAT="PKCS12" \
     TOMCAT_KEYSTORE_ALIAS="tomcat" \
     \
-    TOMCAT_SSL_CIPHERS="HIGH:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!kRSA:!EDH:!DHE:!DH:!CAMELLIA:!ARIA:!AESCCM:!SHA:!CHACHA20" \
-    TOMCAT_SSL_ENABLED_PROTOCOLS="TLSv1.3,TLSv1.2" \
-    TOMCAT_SSL_PROTOCOL="TLS" \
-    \
     TOMCAT_ENABLE_ACCESS_LOG=""
 
 ENV CERT_C="US" \
diff --git a/README.md b/README.md
@@ -248,9 +248,6 @@ The `CERT_*` ENVs should look familiar to anyone that has used the `openssl` com
 | TOMCAT_KEYSTORE_ALIAS        | self-signed cert/keystore "alias"                            | `tomcat`                                                 |
 | TOMCAT_KEYSTORE_FILENAME     | self-signed cert/keystore filename                           | `labkey.p12`                                             |
 | TOMCAT_KEYSTORE_FORMAT       | self-signed cert/keystore format                             | `PKCS12`                                                 |
-| TOMCAT_SSL_CIPHERS           | allowable SSL ciphers for use by tomcat | `HIGH:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!kRSA:!EDH:!DHE:!DH:!CAMELLIA:!ARIA:!AESCCM:!SHA:!CHACHA20` |
-| TOMCAT_SSL_ENABLED_PROTOCOLS | allowable SSL protocols and versions                         | `TLSv1.3,TLSv1.2`                                        |
-| TOMCAT_SSL_PROTOCOL          | basic SSL protocol to use                                    | `TLS`                                                    |
 | CERT_C                       | "Country" value for the generated self-signed cert           | `US`                                                     |
 | CERT_CN                      | "Common Name" value for the generated self-signed cert       | `localhost`                                              |
 | CERT_L                       | "Location" value for the generated self-signed cert          | `Seattle`                                                |
diff --git a/application.properties b/application.properties
@@ -113,11 +113,6 @@ server.http2.enabled=true
 
 server.ssl.enabled=true
 
-server.ssl.ciphers=${TOMCAT_SSL_CIPHERS}
-server.ssl.enabled-protocols=${TOMCAT_SSL_ENABLED_PROTOCOLS}
-server.ssl.protocol=${TOMCAT_SSL_PROTOCOL}
-
-
 # must match values in entrypoint.sh
 server.ssl.key-alias=${TOMCAT_KEYSTORE_ALIAS}
 server.ssl.key-store=${LABKEY_HOME}/${TOMCAT_KEYSTORE_FILENAME}
diff --git a/docker-compose.yml b/docker-compose.yml
@@ -27,7 +27,6 @@ services:
       # - LABKEY_SYSTEM_DESCRIPTION=Sirius Cybernetics Corporation
 
       # - TOMCAT_ENABLE_ACCESS_LOG=1
-      - TOMCAT_SSL_CIPHERS=${TOMCAT_SSL_CIPHERS:-HIGH:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!kRSA:!EDH:!DHE:!DH:!CAMELLIA:!ARIA:!AESCCM:!SHA:!CHACHA20}      
       - LOG_LEVEL_SPRING_WEB=INFO
       - LOG_LEVEL_TOMCAT=DEBUG
       - LOG_LEVEL_DEFAULT=DEBUG
@@ -140,7 +139,6 @@ services:
       # - LABKEY_SYSTEM_DESCRIPTION=Sirius Cybernetics Corporation
 
       # - TOMCAT_ENABLE_ACCESS_LOG=1
-      - TOMCAT_SSL_CIPHERS=${TOMCAT_SSL_CIPHERS:-HIGH:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!kRSA:!EDH:!DHE:!DH:!CAMELLIA:!ARIA:!AESCCM:!SHA:!CHACHA20}
       - LOG_LEVEL_SPRING_WEB=INFO
       - LOG_LEVEL_TOMCAT=DEBUG
       - LOG_LEVEL_DEFAULT=DEBUG
@@ -251,7 +249,6 @@ services:
       # - LABKEY_SYSTEM_DESCRIPTION=Sirius Cybernetics Corporation
 
       # - TOMCAT_ENABLE_ACCESS_LOG=1
-      - TOMCAT_SSL_CIPHERS=${TOMCAT_SSL_CIPHERS:-HIGH:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!kRSA:!EDH:!DHE:!DH:!CAMELLIA:!ARIA:!AESCCM:!SHA:!CHACHA20}
       - LOG_LEVEL_SPRING_WEB=INFO
       - LOG_LEVEL_TOMCAT=DEBUG
       - LOG_LEVEL_DEFAULT=DEBUG
@@ -363,7 +360,6 @@ services:
       # - LABKEY_SYSTEM_DESCRIPTION=Sirius Cybernetics Corporation
 
       # - TOMCAT_ENABLE_ACCESS_LOG=1
-      - TOMCAT_SSL_CIPHERS=${TOMCAT_SSL_CIPHERS:-HIGH:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!kRSA:!EDH:!DHE:!DH:!CAMELLIA:!ARIA:!AESCCM:!SHA:!CHACHA20}
       - LOG_LEVEL_SPRING_WEB=INFO
       - LOG_LEVEL_TOMCAT=DEBUG
       - LOG_LEVEL_DEFAULT=DEBUG
diff --git a/quickstart_envs.sh b/quickstart_envs.sh
@@ -3,7 +3,7 @@
 # example minimal set of environment variables to get started - see readme for additional envs you may wish to set
 
 # embedded tomcat LabKey .jar version to build container with
-export LABKEY_VERSION="25.12"
+export LABKEY_VERSION="26.1"
 
 # minimal SMTP settings
 export SMTP_HOST="localhost"
