I have an on-premise JIRA server; the version is 6.3.15 and the JDK is jdk1.6.0_24. When we ran the test on Qualys, the site rating was B.
This server supports weak Diffie-Hellman (DH) key exchange parameters. Grade capped to B.
We are using TLS1.2 and we tried adding ciphers in server.xml as suggested:
<Connector ciphers="TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,TLS_DHE_DSS_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_SHA256,TLS_ECDHE_RSA_WITH_AES_128_SHA,TLS_ECDHE_ECDSA_WITH_AES_128_SHA,TLS_ECDHE_RSA_WITH_AES_256_SHA384,TLS_ECDHE_ECDSA_WITH_AES_256_SHA384,TLS_ECDHE_RSA_WITH_AES_256_SHA,TLS_ECDHE_ECDSA_WITH_AES_256_SHA,TLS_DHE_RSA_WITH_AES_128_SHA256,TLS_DHE_RSA_WITH_AES_128_SHA,TLS_DHE_DSS_WITH_AES_128_SHA256,TLS_DHE_RSA_WITH_AES_256_SHA256,TLS_DHE_DSS_WITH_AES_256_SHA,TLS_DHE_RSA_WITH_AES_256_SHA" />
or
However, the issue still persists. Can you please advise on how to fix this issue?
To be honest, I am not sure that looking into this particular topic is worth the time.
Assuming you are after a good grade in Qualys and/or a secure environment, fixing this thing will only be a drop on a hot stone: version 6.3.15 is outdated as of now and contains (security-relevant) bugs that will never get fixes, as the version has reached "end of life".
The better option would be to upgrade to a more recent version.
https://confluence.atlassian.com/adminjiraserver/upgrading-jira-applications-938846936.html
Even if you get the SSL configuration fixed, there will surely be other (valid) reasons why you are getting a downvote in a security assessment. I'd rather go for the whole picture, to be honest.
Regards,
Daniel
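The weak-DH finding quoted in the question concerns the finite-field TLS_DHE_* suites, several of which are in the posted ciphers list; ECDHE suites do not use those parameters. The following audit script is an added example, not part of the original thread or of JIRA/Tomcat: it reads a server.xml, lists the DHE suites on each Connector and the list that remains without them. The sample XML is constructed (suite names taken from the question; the port and SSLEnabled values are assumptions).

```python
import xml.etree.ElementTree as ET

# Constructed sample: a shortened Connector in the style of the one in the question.
SAMPLE_SERVER_XML = """<Server><Service name="Catalina">
  <Connector port="8080" />
  <Connector port="8443" SSLEnabled="true"
      ciphers="TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
               TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_DSS_WITH_AES_256_SHA,
               TLS_ECDHE_RSA_WITH_AES_256_SHA,TLS_DHE_RSA_WITH_AES_128_SHA" />
</Service></Server>"""


def key_exchange(suite):
    """Return the key-exchange part of a suite name, e.g. 'DHE_RSA'."""
    head = suite.split("_WITH_", 1)[0]
    for prefix in ("TLS_", "SSL_"):
        if head.startswith(prefix):
            head = head[len(prefix):]
    return head


def uses_finite_field_dh(suite):
    """True for DHE_* / DH_* key exchange, False for ECDHE_*, ECDH_* and RSA."""
    kx = key_exchange(suite)
    return kx.startswith("DHE_") or kx.startswith("DH_")


def audit_connectors(server_xml):
    """Return [(port, dhe_suites, remaining_suites)] for Connectors with a ciphers list."""
    results = []
    for conn in ET.fromstring(server_xml).iter("Connector"):
        raw = conn.get("ciphers")
        if raw is None:
            continue  # no explicit list: JVM defaults apply, which this script cannot see
        suites = [s.strip() for s in raw.split(",") if s.strip()]
        dhe = [s for s in suites if uses_finite_field_dh(s)]
        rest = [s for s in suites if not uses_finite_field_dh(s)]
        results.append((conn.get("port"), dhe, rest))
    return results


if __name__ == "__main__":
    for port, dhe, rest in audit_connectors(SAMPLE_SERVER_XML):
        print("Connector port %s: %d finite-field DH suite(s)" % (port, len(dhe)))
        for s in dhe:
            print("  weak-DH candidate:", s)
        print('  without them: ciphers="%s"' % ",".join(rest))
```

Whether the remaining suites are actually offered depends on what the installed JVM supports, so re-run the scan after any change.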
I completely agree with Daniel here, you have three options