[LabKey Cloud] issue 49843: update ciphers (#73)

* set bootstrap full text index path (#64) * bump openssl version (#67) * uniquify container names for latest docker-compose * issue 49843: update ciphers to latest default * Update Dockerfile with suggested ciphers Co-authored-by: Josh Eckels <jeckels@labkey.com> * Update application.properties with suggested ciphers Co-authored-by: Josh Eckels <jeckels@labkey.com> * revert accidental logging change --------- Co-authored-by: labkey-stuartm <32204841+labkey-stuartm@users.noreply.github.com> Co-authored-by: github-actions <teamcity@labkey.com> Co-authored-by: Josh Eckels <jeckels@labkey.com>
LabKey · Mar 18, 2024 · a800169 · a800169
1 parent 40f1a27
commit a800169
Show file tree

Hide file tree

Showing 3 changed files with 8 additions and 8 deletions.
diff --git a/Dockerfile b/Dockerfile
@@ -73,9 +73,9 @@ ENV DEBUG="${DEBUG}" \
     TOMCAT_KEYSTORE_FORMAT="PKCS12" \
     TOMCAT_KEYSTORE_ALIAS="tomcat" \
     \
-    TOMCAT_SSL_CIPHERS="HIGH:!ADH:!EXP:!SSLv2:!SSLv3:!MEDIUM:!LOW:!NULL:!aNULL" \
+    TOMCAT_SSL_CIPHERS="HIGH:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!kRSA:!EDH:!DHE:!DH:!ECDH" \
     TOMCAT_SSL_PROTOCOL="TLS" \
-    TOMCAT_SSL_ENABLED_PROTOCOLS="-TLSv1.3,+TLSv1.2" \
+    TOMCAT_SSL_ENABLED_PROTOCOLS="TLSv1.3,TLSv1.2" \
     \
     TOMCAT_ENABLE_ACCESS_LOG= 
 

diff --git a/application.properties b/application.properties
@@ -121,8 +121,8 @@ server.http2.enabled=true
 
 server.ssl.enabled=true
 
-server.ssl.ciphers=${TOMCAT_SSL_CIPHERS:-HIGH:!ADH:!EXP:!SSLv2:!SSLv3:!MEDIUM:!LOW:!NULL:!aNULL}
-server.ssl.enabled-protocols=${TOMCAT_SSL_ENABLED_PROTOCOLS:-TLSv1.3,+TLSv1.2}
+server.ssl.ciphers=${TOMCAT_SSL_CIPHERS:-HIGH:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!kRSA:!EDH:!DHE:!DH:!ECDH}
+server.ssl.enabled-protocols=${TOMCAT_SSL_ENABLED_PROTOCOLS:-TLSv1.3,TLSv1.2}
 server.ssl.protocol=${TOMCAT_SSL_PROTOCOL:-TLS}
 
 

diff --git a/docker-compose.yml b/docker-compose.yml
@@ -4,7 +4,7 @@ version: "3"
 services:
   community:
     image: labkey/community
-    container_name: ${IDENT:-labkey}
+    container_name: labkey
     # build: {"context": ".", "args": ["LABKEY_VERSION=21.3-SNAPSHOT"]}
     # deploy:
     #   resources:
@@ -115,7 +115,7 @@ services:
 # below are for internal LabKey testing
   allpg:
     image: ${COMPOSE_IMAGE:-labkey/community}
-    container_name: ${IDENT:-allpg}
+    container_name: allpg
     # build: {"context": ".", "args": ["LABKEY_VERSION=21.3-SNAPSHOT"]}
     # deploy:
     #   resources:
@@ -224,7 +224,7 @@ services:
 
   enterprise:
     image: ${COMPOSE_IMAGE:-labkey/community}
-    container_name: ${IDENT:-enterprise}
+    container_name: enterprise
     # build: {"context": ".", "args": ["LABKEY_VERSION=21.3-SNAPSHOT"]}
     # deploy:
     #   resources:
@@ -333,7 +333,7 @@ services:
 
   lims_starter:
     image: ${COMPOSE_IMAGE:-labkey/community}
-    container_name: ${IDENT:-lims_starter}
+    container_name: lims_starter
     # build: {"context": ".", "args": ["LABKEY_VERSION=21.3-SNAPSHOT"]}
     # deploy:
     #   resources: