Come for the products,
stay for the community

The Atlassian Community can help you and your team get more value out of Atlassian products and practices.

Atlassian Community about banner
4,364,101
Community Members
 
Community Events
168
Community Groups

Disable weak cipher in JIRA 8.4.2

Deleted user Oct 03, 2019

Our monitoring tool reports that some weak SSL ciphers are active for our JIRA instance.

I tried to follow this article but I do not know where I could set these parameters. The only place I could imagine is here in the registry.

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Apache Software Foundation\Procrun 2.0\JIRA120914170711\Parameters\Java

Can anyone help?

Thanks!

1 answer

0 votes

@[deleted] 

Hi Marius

generally speaking you should look into the tomcat configuration (server.xml) and will need to tweak it there.

Atlassian has an official knowledgebase article on that

https://confluence.atlassian.com/kb/security-tools-report-the-default-ssl-ciphers-are-too-weak-755140945.html

 

In addition 

https://support.comodo.com/index.php?/Knowledgebase/Article/View/659/17/how-to----disable-weak-ciphers-in-tomcat-7--8

provides some details.

Please keep in mind that modifying the ciphers might disabled older browsers to work with your instance

 

All the best

 

Kurt

Suggest an answer

Log in or Sign up to answer
TAGS

Atlassian Community Events