As part of our quest to better secure Atlassian cloud products, Atlassian will be disabling support for Transport Layer Security (TLS) v1 and v1.1, effective December 1, 2018. We are urging companies using the Atlassian cloud products listed below to upgrade to TLSv1.2 before this date. Please read below to determine if you are affected and, if so, how to start making preparations for the change.
This will affect all HTTPS traffic to Atlassian cloud products, including:
The types of traffic which would be impacted include:
Many of HTTPS requests to Atlassian cloud products already use the newest version of TLS, v1.2. This includes all recent versions of our supported browsers. However, some requests include a number of remote CI/CD systems, scripts, and programs which interact with our APIs; all of which use older versions of Java, OpenSSL, .NET Framework, RestSharp, NING or Python’s ssl module when negotiating the secured connection to Atlassian cloud products. All of these will be unable to connect once we disable TLSv1 and TLSv1.1.
Please note: Payment processing pages have already moved from TLSv1, to comply with PCI requirements.
We plan to contact some teams and users directly, based on what we find in our logs. However, we recommend that you check to make sure that everything you use to connect to Atlassian's cloud products supports TSLv1.2. This includes (but is not limited to) your browser, Git or Mercurial client, CI/CD system, API clients, and anything else that may be linked to our products.
The following list is an overview of items which may or may not affect you.
Please upgrade anything that is affected before December 1, 2018. The exact details of your upgrade will depend on what you use and how it’s installed. We don’t have enough room here to list all the different combinations, unfortunately, but we hope that the section above will point you in the right direction. We’ll remind everyone as December 1 approaches, but if you discover that you are affected, then you need to start planning now.
Keeping your Atlassian cloud product experience secure is a priority for us. We understand that system upgrades can be complicated, especially on shared systems. We appreciate your support and patience as we disable older versions of TLS in the coming months.
As always, please contact our support team if you need additional information or ask questions in the comments below!
Jim RedmondAtlassian Team
The wait is over... Portfolio for Jira Server and Data Center 3.0 is now officially here! Platform releases offer Atlassian an opportunity to shift our strategy, make bold predictions about t...
Connect with like-minded Atlassian users at free events near you!Find a group
Connect with like-minded Atlassian users at free events near you!
Unfortunately there are no AUG chapters near you at the moment.Start an AUG
You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs