Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Products
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

Disable weak cipher in JIRA 8.4.2

Deleted user October 3, 2019

Our monitoring tool reports that some weak SSL ciphers are active for our JIRA instance.

I tried to follow this article but I do not know where I could set these parameters. The only place I could imagine is here in the registry.

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Apache Software Foundation\Procrun 2.0\JIRA120914170711\Parameters\Java

Can anyone help?

Thanks!

Answer
Watch
Like Be the first to like this
1053 views

1 answer

0 votes
Kurt Klinner
Kurt Klinner
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
October 5, 2019

@[deleted] 

Hi Marius

generally speaking you should look into the tomcat configuration (server.xml) and will need to tweak it there.

Atlassian has an official knowledgebase article on that

https://confluence.atlassian.com/kb/security-tools-report-the-default-ssl-ciphers-are-too-weak-755140945.html

 

In addition 

https://support.comodo.com/index.php?/Knowledgebase/Article/View/659/17/how-to----disable-weak-ciphers-in-tomcat-7--8

provides some details.

Please keep in mind that modifying the ciphers might disabled older browsers to work with your instance

 

All the best

 

Kurt

Reply

Suggest an answer

Log in or Sign up to answer
Jira
Jira Software
TAGS
AUG Leaders

Atlassian Community Events

    See all events