Create
cancel
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in

It's not the same without you

Join the community to find out what other Atlassian users are discussing, debating and creating.

Atlassian Community Hero Image Collage

Jira Align and SSL/TLS

Purpose

This article is designed to explain some of the specifics around SSL and TLS within the Jira Align infrastructure and product.

The Jira Align infrastructure includes multiple service tiers. The Jira Align Web Application deals with inbound traffic only while the Jira Align Connectors are outbound traffic only.

 

Outbound Requests from Jira Align to Your Product

For outbound requests, Jira Align only supports TLS 1.2 as the secure standard.

More specifically, these are the TLS 1.2 ciphers that Jira Align supports:

  • TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384

  • TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256

  • TLS_DHE_RSA_WITH_AES_128_GCM_SHA256

  • TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256

  • TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384

  • TLS_DHE_RSA_WITH_AES_256_GCM_SHA384

 

Mutual TLS from Jira Align to Jira Server/Data Center

SSL.png

Figure 1.1: Example of Jira Align to Jira/Proxy with Mutual TLS

Mutual TLS goes hand-in-hand with Outbound Requests as the client certificate is enabled by default. 

The server that is hosting Jira or the Proxy in front of Jira is responsible for enforcing Mutual TLS. The enforcer of Mutual TLS will request Jira Align to provide the Client Certificate.

Jira Align requires a Trusted 3rd Party Certificate (ex: DigiCert, Sectigo, GoDaddy, etc.) to be used with Mutual TLS.

There are 3 certificate types that can be used:

  • Wildcard Jira Align Certificate (*.jiraalign.com)

  • Custom Jira Align Certificate (Ex: customer.jiraalign.com)

  • Customer-owned Certificate (Ex: jiraalign.customer.com )

 

NOTE: Regarding Custom SSL Certificates that are owned by the Customer: The Customer is responsible for renewing this certificate before the expiration date, notifying us via a Jira Align Support ticket, and working with Jira Align Support to coordinate the certificate swap.

Inbound Requests from End User to Jira Align

For inbound requests, Jira Align only supports TLS 1.2 as the secure standard.

More specifically, these are the TLS 1.2 ciphers that Jira Align supports:

  • TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256

  • TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384

  • TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256

  • TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256

  • TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384

  • TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256

 

Certificate Validation

As part of certificate validation, Jira Align will validate:

  • The certificate has not expired

  • The issuer of the server/client certificate is signed from a valid trusted 3rd party CA

  • Issuer’s digital signature contained in server certificate is valid

  • The domain name on the certificate matches the domain of the server

  • Certificate is not revoked

 

0 comments

Comment

Log in or Sign up to comment
TAGS
Community showcase
Published in Jira Align

Lean Portfolio Management with Jira Align

Lean Portfolio Management (LPM) is a relatively newer management methodology which draws from lean and systems thinking approaches to drive value-based outcomes, as opposed to more traditional techni...

224 views 0 22
Read article

Community Events

Connect with like-minded Atlassian users at free events near you!

Find an event

Connect with like-minded Atlassian users at free events near you!

Unfortunately there are no Community Events near you at the moment.

Host an event

You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events

Events near you