Impact of updated cipher suites on Jira and Jira Service Management

I agree with David. Words are crucial, especially when addressing a highly technical topic to a non-technical audience!

The link to the article in the email actually directs to the contact center, and there is too little information for us consultants to support end customers effectively, addressing their concerns and proceeding with the necessary verifications. We need a clarification as soon as possible!

Hi - How do I know if this is affecting me?  I am not sure if we use this: the feature or use a mail server configured with OAuth.

How can I verify or check?

Thanks

Mary 

I'm not sure how to check if this will affect my Jira instance, but I've opened a support ticket with Atlassian to see if I can get some guidance. I'll post here what they say!

This notification from Atlassian said "Check which cipher suites your connected email accounts use".  Can someone from Atlassian provide steps where to navigate to check and what to check for?

I think this doesn't apply to my org because we never set up Jira to create tickets from emails. However, even with the new update at the top of this thread (shown below), this is not very clear. What if I inherited the system from someone else? How would I know if this is set up?

"If you received an email associated with this change for Jira incoming mail but don’t use the feature or use a mail server configured with OAuth, kindly ignore the email."

Where would I see the error? How do I check if this is going to affect us? We use MS O365.

Thanks,

Hey Atlassian, interns writing your communications now? What a dumb email. And still no reply from you here?  What is it, don't care about this much?

How do I check to see if my organization is using OAuth Access?

The correct approach in sending this notification would have been to send it only to org, technical and billing administrators, not to all kinds of users.

I'd suggest sending out a follow-up email clarifying who needs to pay attention to this notification and what they need to do about it, and asking non-admin users to disregard.

Buenos días, alguien ya sabe en que nos afecta y como solucionarlo?

Hello everyone,

Thank you for your patience during this change.

For Mail Handler within Jira Software and Jira Work Management, I wanted to highlight some additional steps to help users determine if they are affected.

First, determine if your site has any additionally configured Google or Outlook incoming mail servers configured in your incoming mail page of Jira.

To get to the incoming mail page, navigate to the gear icon in the top right of your Jira site, then System, then Incoming Mail in the left panel.

Here, if you only see the Default Cloud Mail Server, then you will not be affected by these cipher suite changes.

If your site does have a Google or Outlook incoming mail server configured:

• We first recommend switching to OAuth for these connections.
• Otherwise, if using Basic authentication, refer to the official website of your email service provider to understand which TLS version and cipher suite that provider supports, then reach out to your IT team and ensure that your Google or Outlook mail server is also using a supported cipher suite.
• Atlassian's supported cipher suites can be found here. 

If you are using your own mail service application, refer to that applications vendor to understand the supporter TLS versions and cipher suites.

Atlassian strives to maintain the best security practices and expect these changes will align with major service providers without any problems.

Login to your Administration -> Choose a product -> go to the Security -> and you will see if it "base" or something else.

So, the Atlassian Team woke up today and decided to send the worst worded email that won't be understood by many technical and all of the non-technical users.

SO MUCH CONFUSION AND YOU SENT THAT EMAIL TO ALL? KUDOS TO YOU

Thank you, @Nathan Phillips. That was quite helpful!

For anyone confused:

Review the Mail handlers setting here. Look at the mail server that's associated.

https://URL.atlassian.net/secure/admin/IncomingMailServers.jspa

(REPLACE URL with your own tenant) 

If the Incoming Mail server is "Default Cloud Mail Server" (aka Atlassian Cloud) then no action is required. If you have something else configured, double check the configuration inside of whatever the outside service is. 

we use Gmail suites and our outlook client is configured to use incoming email server IMPA (port 993) with SSL, when I change this to TLS, the port is automatically changed to 143, then the incoming mail test fails, then I change the port to 993 and keep the TLS, the incoming mail test still fails. However the outgoing mail test passes with TLS and port 25. Can someone tell me what to do for my Outlook client 2010 using Gmail suites.

Does this only affect Cloud (not Data Center)?

@Nathan Phillipsthank you for clarifying. Can I please recommend that in future, emails like this are only sent to those people who actually use the feature in question? It has just added a lot of confusion and wasted time for those of us that don't even know about this feature, let alone use it.

I wish @Nathan Phillips' comment had been the initial update. 

Why does nothing mention how to check authentication for mailboxes set up in individual Service Management projects?

Hey @Nathan Phillips perhaps add a loom video demo of the scenarios to the update above?

Wow Atlassian I have spent over an hour to find out what I'm meant to be looking for from your email.

Thank you to the community for posting where to look, I normally just raise a ticket with support.

My trust is with that person who posted where to look - hoping that the information is correct. 

Even then it took me a while to find the post and try others guides but they never worked, I was in this screen  earlier from looking at another Community post but it meant nothing to me for what to look at.

I do have a question for Atlassian 

Do the people drafting these emails think or understand that a lot of these settings are set and left - users don't know where to look or understand where to look. The posts to this trend is evidence of that.

Instead of 100's of your customers spending 20, 30 or 60 minutes trying to understand what you are on about in your emails

Why are you not the single source that adds instructions with Screenshots, so people know where to look and what to look for.

Unfortunately IMO  Atlassian you do it all the time and leave it up to your awesome Support desk to help users like me.

Hi @Ritika Arora 

Thank you so much for sharing this information. However, I believe many of us have questions about this message. We can contact support, but it could also work if you share a response with all of us here. Could you please indicate the configuration we need to have on our web server and incoming email server? I think an example could help us understand this topic a bit better.

I greatly appreciate your support and look forward to your response.

Best regards.

Looking for some clarity to the email sent out from Atlassian...

Question : Does the deprecation only apply to external systems or other mail servers trying to connect to Jira email using basic auth?

Cheers

Nige

@Ritika Arora Can you help us to know:
- What has changed,

- Where & what to check,

- How to confirm if we are impacted so what to be changed to avoid any issue

- If not impacted then what to check to ensure this.