Impact of updated cipher suites on Jira and Jira Service Management

Update on August 2, 2024

We've further extended support for the unsupported cipher suites until September 23, 2024, to ensure sufficient lead time to make the required changes.

Update on July 31, 2024

Re: Email sent on July 29, 2024, titled “[JIRA] TLS cipher suites are being deprecated by August 5, 2024”. While the intended recipients of the deprecation notice were Jira admins who have configured mail servers with Basic Authentication (excluding Google Basic Authentication), the email was unintentionally sent to all Jira admins, including admins of sites that:

  • Use mailboxes configured with Google/Microsoft OAuth or Atlassian’s Default Cloud Mail Server, OR

  • Don’t use the incoming mail feature to create new issues and comments in Jira.

If you fall into either of the two categories above, please ignore the email and accept our apologies.

Additionally, to ease the confusion regarding who it affects, we’ve:

  • Edited this community post to answer most questions in the comments.

  • Extended support for the unsupported cipher suites until September 2, 2024, to ensure sufficient lead time to make the required changes.


On August 5, 2024, Jira and Jira Service Management will begin updating their Transport Layer Security (TLS) configuration to be consistent with other Atlassian Cloud products. This includes ending support for some weaker cipher suites.

This change may impact sites using the following:

Who is affected?

For Jira:

You can verify if the deprecation notice applies to you by navigating to Jira’s incoming mail feature (cog icon > System > Incoming Mail) and locating the ‘Basic’ Authentication Type, as shown in the Set up your incoming mail server section (screenshot below).

Note: No action is required if you:

  • Use mail servers configured with Google/Microsoft OAuth, Google Basic Authentication, or Atlassian’s Default Cloud Mail Server, OR

  • Don’t use the incoming mail feature to create new issues and add comments on Jira.

For Jira Service Management:

You can verify if the change applies to you by checking if any of the service projects on your site are configured to receive new requests from external email accounts connected via Basic Authentication. That is, if you’ve connected your external email account by selecting Other (or Continue with Other) on the Email requests page under Project Settings, then it’s connected using Basic Authentication.

Note: No action is required if you:

  • Use mail servers configured with Google/Microsoft OAuth, Google Basic Authentication, or Atlassian’s Default Cloud Mail Server.

I’m affected by this change. What do I do next?

If the deprecation impacts your site, we will contact you before it comes into effect. If you’d like to be prepared for this change in advance, you can perform the following steps:

For Jira:

  • If your organization uses a self-hosted or third-party mail server for the incoming mail feature, contact your IT team or service provider to confirm whether they’re using cipher suites supported by Atlassian.

  • After the deprecation takes effect, you can test the connection by going to Jira > Settings > System > Incoming Mail > Mail Handlers (configured with an already functional Basic Authentication mail server) > Edit > Next > Test. A successful test confirms that you’re using supported ciphers, and no action needs to be taken.

For Jira Service Management:

  • From your service project, go to Project settings and select Email requests. If you have an external email account connected using Basic Authentication, find out its incoming mail server hostname. Depending on whether the mail server for your email account is self-hosted or managed by a third party, contact your IT team or service provider respectively for cipher details.

  • After the deprecation takes effect, you can refer to the Connectivity logs (Project settings > Email requests > View logs > Connectivity logs) to check whether a connected email account shows a failed status caused by the “Remote host terminated the handshake” error.

Supported cipher suites as of August 5, 2024

As of August 5, 2024, your mail servers must accept TLS connections using at least one of the cipher suites below.

  • TLS_AES_128_GCM_SHA256

  • TLS_AES_256_GCM_SHA384

  • TLS_CHACHA20_POLY1305_SHA256

  • TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256

  • TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256

  • TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384

  • TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256

  • TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256

  • TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
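
One way to check a mail server you operate against this list, as an added example (not Atlassian's code): it maps the IANA names above to their OpenSSL equivalents, filters a server's configured suites, and attempts a handshake that offers only the listed suites. The function names are illustrative, and an implicit-TLS port (993 for IMAPS, 995 for POP3S) is assumed.

```python
import socket
import ssl

# IANA names from the list above -> OpenSSL names (identical for TLS 1.3).
SUPPORTED = {
    "TLS_AES_128_GCM_SHA256": "TLS_AES_128_GCM_SHA256",
    "TLS_AES_256_GCM_SHA384": "TLS_AES_256_GCM_SHA384",
    "TLS_CHACHA20_POLY1305_SHA256": "TLS_CHACHA20_POLY1305_SHA256",
    "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256": "ECDHE-RSA-CHACHA20-POLY1305",
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256": "ECDHE-RSA-AES128-GCM-SHA256",
    "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384": "ECDHE-RSA-AES256-GCM-SHA384",
    "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256": "ECDHE-ECDSA-CHACHA20-POLY1305",
    "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256": "ECDHE-ECDSA-AES128-GCM-SHA256",
    "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384": "ECDHE-ECDSA-AES256-GCM-SHA384",
}
ALLOWED = set(SUPPORTED) | set(SUPPORTED.values())


def usable_suites(server_suites):
    """Filter a server's configured suites (IANA or OpenSSL names, e.g. from
    its TLS config or a scan report) down to those in the list above."""
    return [s.strip() for s in server_suites if s.strip() in ALLOWED]


def restricted_context():
    """Client context that offers suites from the list above only."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    tls12 = [openssl for iana, openssl in SUPPORTED.items() if iana != openssl]
    # set_ciphers() governs TLS 1.2; TLS 1.3 suites keep OpenSSL's defaults,
    # so probe() re-checks the negotiated suite against ALLOWED.
    ctx.set_ciphers(":".join(tls12))
    return ctx


def probe(host, port=993, timeout=10):
    """Handshake with an implicit-TLS mail port (993 IMAPS, 995 POP3S).
    Returns (protocol, suite, in_list), or (None, error_text, False) when
    the connection or handshake fails (certificate errors included)."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            ctx = restricted_context()
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                suite = tls.cipher()[0]
                return tls.version(), suite, suite in ALLOWED
    except (ssl.SSLError, OSError) as exc:
        return None, str(exc), False
```

Call `probe()` with the incoming mail server hostname from your mail settings and read the error text on failure to tell a cipher mismatch from a certificate or network problem. STARTTLS ports (143, 110) are not handled by this sketch.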

How can I fix this issue?

For Jira and Jira Service Management, identify mail servers that are connected using Basic Authentication. Then, depending on your incoming mail server, follow the instructions below:

  • For self-hosted mail server(s), contact your IT team and ensure they use one of the supported cipher suites.

  • For mail server(s) managed by a third party, refer to the support documentation on their official website or contact your service provider. Make sure they use the ciphers that Atlassian supports.

  • If you’re using Google Basic Authentication, no action is needed as it supports the latest ciphers. However, to avoid future issues, we recommend you connect via OAuth.

* For Jira Service Management, if the service projects on your site are connected to external email accounts with different incoming mail servers, then you need to perform this check for every mail server.

We understand that system upgrades can be complicated, but keeping your data secure is our priority. We appreciate your support and patience as we turn off old, insecure cipher suites. If the problem persists, contact the support team.

62 comments

Susan Waldrip
Community Leader
July 1, 2024

Thank you @Ritika Arora for posting this info!

Alba Luz
I'm New Here
July 28, 2024

I don't want anything to affect my email. I don't use those applications.

Alex Opie
I'm New Here
July 28, 2024

I'm a bit confused about this notice and the email I got today: what exactly is changing?

The message is

> On August 5, 2024, some of the TLS cipher suites may no longer work and will affect incoming mail connections with 'Basic' authentication type.

But what connections are these? Atlassian doesn't host my email (does it host mail at all?), so why would I be making a mail connection with any authentication type, let alone "Basic"?

Mohammad Faiz Fitri Bin Mohd Anas
I'm New Here
July 28, 2024

Hi, I've received this. Please advise what is the impact to our company. Please advise how we do verify if using TLS and OAuth. Thanks
Krishnan July 28, 2024

+1 @Alex Opie 's question

Abdelrahman Alfawaier July 28, 2024

+1

 

Prabu N July 28, 2024

We are using MSXML2.XMLHTTP60 component for API connection with Basic authentication. Will this be impacted? Or is it only for emails??

Joakim Baas
I'm New Here
July 28, 2024

+1 @Alex Opie 

IKP Reddy
Contributor
July 28, 2024

+1, today I also received this email. Not sure what to do next? Can we ignore it, or do I need to take any precautionary steps?

I am still not clear about the email content what they mentioned.
Chetan Chavan
I'm New Here
July 28, 2024

Today we also got the email. Not sure what to do next? We used Gmail services. What do we need to do?

Sunil Vardhaman
I'm New Here
July 29, 2024

Hi,

We use the Gmail service for Jira mail notifications, and it supports all the (latest) ciphers that are supported by Atlassian. Do we still think we need to make any changes on our end?

Bart van den Bosch NEXUS
I'm New Here
July 29, 2024

We also received the email and are using JIRA cloud, Confluence cloud and Microsoft 365/Exchange Online. It's unclear what to check where.


Jeroen van den Berg
I'm New Here
July 29, 2024

A lot of confusion could have been prevented if Atlassian stated in their e-mail exactly which settings to check. In fact, they only communicated: "Here are the ciphers we support, check your e-mail settings". Which ones?

Gema Bejarano July 29, 2024

Good morning, I need to know what this affects. I'm lost.

Thank you.

Gugudu Mohammed Shamiullah
I'm New Here
July 29, 2024

I have received this email in my inbox. May I know what this email is about and what impact it has on our existing Jira setup? Can you please elaborate briefly on this?

Gema Bejarano July 29, 2024

Yes, me too, and what is the impact? Thank you.

AMOGH JAIN _RA2111027010010_
I'm New Here
July 29, 2024

I am new here. Can anyone please help me in knowing what we have to do to make sure it doesn't affect us, and how we check that?

Gürcan Serttas
Contributor
July 29, 2024

Hello,

It is not clear, what should be checked by admin site?

Hannah Johnson
Contributor
July 29, 2024

Can someone please let me know what I am supposed to check?

Addison Taylor
Contributor
July 29, 2024

Previous community post with where to see this: https://community.atlassian.com/t5/Jira-articles/Microsoft-s-deprecation-of-Basic-Auth-in-January-2023-and-how-it/ba-p/2175164

It also seems the hyperlinks for "community post" and "contact our support team" were transposed.

Enoque Guimel Santos Clemente
I'm New Here
July 29, 2024

Hello, good afternoon,

I have the same doubt and query. At the level of configuration between Atlassian/Jira and our Exchange server and application in "Enter/AD", we see everything correct. Is there any more configuration or extra review to be done?

Thanks so much,

Anne Saunders
Rising Star
July 29, 2024

Can someone from the Atlassian team post a screenshot of what a current and properly connected incoming mail server and mail handlers should look like? 

I don't see either 'Basic' or anything about ciphers anywhere, and the 'Authentication Type' field on the Default Cloud Mail Server (our incoming mail server) is blank. 

We do use SSO to authenticate to Jira as individuals, but the email is unclear regarding whether this is the security setting meant. 

Sutherland_ Melanie
I'm New Here
July 29, 2024

If someone can advise if we are affected by this please? I have no idea where to start looking. 

Michael Poole
I'm New Here
July 29, 2024

The "Supported security protocols for Atlassian cloud products" page (as of this writing) only says that "This affects all secured traffic (HTTPS) to Atlassian cloud products".  It doesn't address email traffic at all.  Adding information about how email is affected might reduce the confusion about how this applies to mail servers and email exchanges.

David at David Simpson Apps
Atlassian Partner
July 29, 2024

This email is incredibly badly worded.

Perhaps have someone translate it for normal users into why they are receiving the email, what if anything needs to be done, and why. 

Also the email states nothing about the service it regards or the URL of the Jira in question. 

This thing is going out to thousands of users. Each one of them will then have to try to understand why they’ve received it and what it means. Just think of the number of wasted hours.
