This article is designed to explain some of the specifics around SSL and TLS within the Jira Align infrastructure and product.
The Jira Align infrastructure includes multiple service tiers. The Jira Align Web Application handles inbound traffic only, while the Jira Align Connectors handle outbound traffic only.
For outbound requests, Jira Align only supports TLS 1.2 as the secure standard.
More specifically, these are the TLS 1.2 ciphers that Jira Align supports:
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
Figure 1.1: Example of Jira Align to Jira/Proxy with Mutual TLS
Mutual TLS goes hand-in-hand with Outbound Requests as the client certificate is enabled by default.
The server that is hosting Jira or the Proxy in front of Jira is responsible for enforcing Mutual TLS. The enforcer of Mutual TLS will request Jira Align to provide the Client Certificate.
Jira Align requires a Trusted 3rd Party Certificate (ex: DigiCert, Sectigo, GoDaddy, etc.) to be used with Mutual TLS.
There are 3 certificate types that can be used:
Wildcard Jira Align Certificate, owned by Atlassian (*.jiraalign.com)
Non-Wildcard Jira Align Certificate, owned by Atlassian (Ex: customer.jiraalign.com)
Custom Certificate, owned by Customer (Ex: jiraalign.customer.com)
NOTE: Regarding Custom SSL Certificates that are owned by the Customer: The Customer is responsible for renewing this certificate before the expiration date, notifying us via a Jira Align Support ticket, and working with Jira Align Support to coordinate the certificate swap.
NOTE2: When generating a Customer-owned Custom certificate, please check with your Network Security Team to ensure that you are following your organization's policies and procedures.
For inbound requests, Jira Align only supports TLS 1.2 as the secure standard.
More specifically, these are the TLS 1.2 ciphers that Jira Align supports:
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
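The two lists above are not identical: the outbound list includes DHE suites but no ChaCha20, and the inbound list includes ChaCha20 but no DHE. The following added example (not Atlassian's code) expands an OpenSSL cipher string, such as one from a Jira proxy or client configuration, and reports which suites it shares with each list. The OpenSSL names are the standard equivalents of the IANA names on this page, and the sample cipher strings are constructed.

```python
import ssl

# IANA suite names from the article, keyed by the OpenSSL names that
# cipher strings and Python's ssl module use.
OUTBOUND = {  # offered by Jira Align connectors to Jira or a proxy
    "ECDHE-RSA-AES256-GCM-SHA384": "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
    "ECDHE-RSA-AES128-GCM-SHA256": "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    "DHE-RSA-AES128-GCM-SHA256": "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256",
    "ECDHE-ECDSA-AES128-GCM-SHA256": "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
    "ECDHE-ECDSA-AES256-GCM-SHA384": "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
    "DHE-RSA-AES256-GCM-SHA384": "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384",
}
INBOUND = {  # accepted by the Jira Align web application
    "ECDHE-ECDSA-AES128-GCM-SHA256": "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
    "ECDHE-ECDSA-AES256-GCM-SHA384": "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
    "ECDHE-ECDSA-CHACHA20-POLY1305": "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256",
    "ECDHE-RSA-AES128-GCM-SHA256": "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    "ECDHE-RSA-AES256-GCM-SHA384": "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
    "ECDHE-RSA-CHACHA20-POLY1305": "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256",
}


def shared_suites(cipher_string, jira_align_list):
    """Expand an OpenSSL cipher string (aliases such as ECDHE+AESGCM are
    resolved by the local OpenSSL) and return the IANA names it shares with
    one of the lists above. An empty result means no TLS 1.2 suite is
    common, so the handshake with Jira Align cannot succeed."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    try:
        ctx.set_ciphers(cipher_string)
    except ssl.SSLError:  # the string selects no cipher at all
        return []
    return [jira_align_list[c["name"]] for c in ctx.get_ciphers()
            if c["name"] in jira_align_list]


if __name__ == "__main__":
    # Constructed sample cipher strings, not taken from any real deployment.
    samples = {
        "proxy, ChaCha20 only": ("ECDHE-RSA-CHACHA20-POLY1305", OUTBOUND),
        "proxy, mixed": ("ECDHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES256-GCM-SHA384", OUTBOUND),
        "client, DHE only": ("DHE-RSA-AES256-GCM-SHA384", INBOUND),
    }
    for label, (cipher_string, table) in samples.items():
        print(label, "->", shared_suites(cipher_string, table) or "NO SHARED SUITE")
```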
As part of certificate validation, Jira Align will validate:
The certificate has not expired
The server/client certificate was issued by a valid trusted 3rd party CA
The issuer’s digital signature contained in the server certificate is valid
The domain name on the certificate matches the domain of the server
Certificate is not revoked
James McCulley
Network & Security Solutions Architect
Atlassian