Create
cancel
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in

Next challenges

Recent achievements

  • Global
  • Personal

Recognition

  • Give kudos
  • Received
  • Given

Leaderboard

  • Global

Trophy case

Kudos (beta program)

Kudos logo

You've been invited into the Kudos (beta program) private group. Chat with others in the program, or give feedback to Atlassian.

View group

It's not the same without you

Join the community to find out what other Atlassian users are discussing, debating and creating.

Atlassian Community Hero Image Collage

LDAPS with Jira 8.16 not working due to JVM

We have been using LDAPS for authentication with Jira for about 2 years no with no real issues.  After a recent upgrade to 8.16 the LDAP auth stopped working due to SSLHandshakeException.

After trying a variety of troubleshooting, including using SSLPoke and various versions of Java (those bundled with pre-8.16, 8.16, and an independent system installed one) we determined the cause to be something specific to the JVM version itself.

It seems Jira has used 1.8.0_202 from 8.3 through 8.15, but with 8.16 they have updated to using 1.8.0_275 (note: the documentation is wrong about what JVM comes with 8.16, and they are allegedly going to fix that).  The only one that has the issue is the _275 version.

I opened a support case with Atlassian about this, and they have reviewed all my findings, checked with the engineers, etc.  In the end they have confirmed it is something specific to the JVM, and thus outside of the scope of their support duties.  Great.

As a workaround, I swapped in the entire "jre" directory tree from the previous version and it works fine.  I guess I'm not benefiting from any of the JVM security/bugfix updates as a result though, so it's not the best long term solution.

Their best guess is that it's related to a known bug that has arisen from some vulnerability fixes.

 

I'm curious if anyone else using LDAPS has upgraded to 8.16, and whether or not you have run into this issue?

2 answers

1 accepted

1 vote
Answer accepted

So there has been more digging by Atlassian, as well as on our end.

We ended up trying totally new certificates with this newer JRE.  It was a bit of effort, but we got them deployed all around and the LDAPS is now working in Jira under the newer JRE!

I still have no idea what the exact root cause of this issue is, but I can now say that it had something to do with the way those older certificates were generated. Maybe they just happened to work in the older VM due to one of the many security flaws that was patched?

In either case, my issue has been resolved, and hopefully this helps anyone else who may run into a similar problem with their upgrade.

0 votes
Brant Schroeder Community Leader Apr 01, 2021

We will be updating in the next month to 8.16 and I will be able to let you know then.  This is good information to have so thanks for posting.

Suggest an answer

Log in or Sign up to answer
DEPLOYMENT TYPE
SERVER
VERSION
8.16.0
TAGS

Community Events

Connect with like-minded Atlassian users at free events near you!

Find an event

Connect with like-minded Atlassian users at free events near you!

Unfortunately there are no Community Events near you at the moment.

Host an event

You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events

Events near you