I have followed the instructions provided by Atlassian for disabling TLS 1.0 but the recommended configuration changes have no affect. Has anyone successfully disable this protocol on a Bitbucket 5.10 server?
Any information on how to do so would be appreciated.
I followed the following information from the Atlassian docs:
server.ssl.protocol=TLSv1.2
We recommend requiring TLS 1.2. If you have clients that don't support TLS 1.2, don't include this property. The default is
"TLS
".
Testing shows the insecure TLS 1.0 protocol is still offered however. I am agnostic about the use of TLS 1.1 for now.
openssl s_client -connect dev-site.org:443 -tls1
...
SSL-Session:
Protocol : TLSv1
...
My bitbucket.properties file (minus database and keystore credentials):
server.port=8443
server.ssl.enabled=true
server.ssl.protocol=TLSv1.2
server.require-ssl=true
server.additional-connector.1.port=8080
server.additional-connector.1.redirect-port=443
I am using firewalld to forward ports from 80 to 8080 and 443 to 8443. Not sure if that is a unique configuration or not.
I would be happy to provide more information if that would be helpful.
Ok. I spoke with someone from Atlassian support who directed me to the following document that describes the solution.
This was the configuration I was missing to disable TLSv1.
server.ssl.enabled-protocols=TLSv1.2,TLSv1.1
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.