Hello and thank you for taking my question!
I'm a junior infrastructure specialist and I am trying to disable TLS 1.0 and 1.1.
We put slProtocol="TLSv1.2" in the $Catalina Home server.xml file, but both TLS 1.0 and TLS 1.2 are showing up on port 8443.
I've tried to edit the xml file but if I change the connector, the server won't start.
I see there are 2 connector ports - that could be the issue?
I saved this on my desktop and edited the format so I could fit it all in the screenshot.
I am new to server.xml and I believe I'm almost there just need some guidance. I will attach screenshots with my server.xml file.
Hello Megan, I ran into and had to fix the same problem myself. The issue is that the TLS connection header that gets pushed out in the JIRA server.xml uses the old Tomcat 5&6 format, and newer versions of JIRA use Tomcat 8.
When I first tried simply setting the sslProtocol to v1.2, our security scans (using Tenable) still showed the JIRA instance offering 1.0 and 1.1.
To fix it, I replaced sslProtocol with the supported Tomcat tag sslEnabledProtocols and then cycled the website.
NOTE: This is all without a proxy.
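An added example, not part of the original reply and not Atlassian's own tooling: a small Python check that parses a server.xml and reports, for each TLS-enabled connector, whether sslEnabledProtocols is set and whether it still lists an old protocol version. The sample file, ports, keystore path and the `audit_connectors` name are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Protocol names that should not appear in sslEnabledProtocols.
WEAK = {"SSLv2Hello", "SSLv3", "TLSv1", "TLSv1.1"}

# Constructed sample (not taken from the thread's screenshots): one plain HTTP
# connector, one HTTPS connector that sets only sslProtocol, and one that uses
# sslEnabledProtocols as the reply above describes.
SAMPLE_SERVER_XML = """<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1" redirectPort="8443"/>
    <Connector port="8443" SSLEnabled="true" scheme="https" secure="true"
               sslProtocol="TLSv1.2" keystoreFile="conf/example.jks"/>
    <Connector port="9443" SSLEnabled="true" scheme="https" secure="true"
               sslEnabledProtocols="TLSv1.2" keystoreFile="conf/example.jks"/>
  </Service>
</Server>"""


def audit_connectors(xml_text):
    """Return {port: (status, detail)} for every TLS-enabled <Connector>."""
    findings = {}
    for conn in ET.fromstring(xml_text).iter("Connector"):
        if conn.get("SSLEnabled", "false").lower() != "true":
            continue  # plain HTTP connector, nothing to check
        port = conn.get("port")
        enabled = conn.get("sslEnabledProtocols")
        if enabled is None:
            # In the reply above, sslProtocol alone still left TLS 1.0/1.1 offered.
            seen = conn.get("sslProtocol")
            detail = f"only sslProtocol={seen}" if seen else "no protocol attribute"
            findings[port] = ("MISSING", detail)
            continue
        protos = {p.strip() for p in enabled.split(",") if p.strip()}
        weak = sorted(protos & WEAK)
        if weak:
            findings[port] = ("WEAK", ", ".join(weak))
        else:
            findings[port] = ("OK", ", ".join(sorted(protos)))
    return findings


if __name__ == "__main__":
    for port, (status, detail) in audit_connectors(SAMPLE_SERVER_XML).items():
        print(f"port {port}: {status} ({detail})")
```

A clean result here only describes the file; the listener still needs a rescan after the restart, as the reply did with its security scanner.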
Welcome to the Atlassian Community!
I believe the most important question is if there is a reverse proxy (IIS, Apache or nginx) running in front of Jira - in that case the configuration would have to be adjusted there.
In all other cases (especially if there is no reverse-proxy) the following guide should sort out things:
If it is then still offering TLS 1.0/1.1 please let us know - perhaps any further debug can then happen from the remote (although tricky).