We have been using LDAPS for authentication with Jira for about 2 years no with no real issues. After a recent upgrade to 8.16 the LDAP auth stopped working due to SSLHandshakeException.
After trying a variety of troubleshooting, including using SSLPoke and various versions of Java (those bundled with pre-8.16, 8.16, and an independent system installed one) we determined the cause to be something specific to the JVM version itself.
It seems Jira has used 1.8.0_202 from 8.3 through 8.15, but with 8.16 they have updated to using 1.8.0_275 (note: the documentation is wrong about what JVM comes with 8.16, and they are allegedly going to fix that). The only one that has the issue is the _275 version.
I opened a support case with Atlassian about this, and they have reviewed all my findings, checked with the engineers, etc. In the end they have confirmed it is something specific to the JVM, and thus outside of the scope of their support duties. Great.
As a workaround, I swapped in the entire "jre" directory tree from the previous version and it works fine. I guess I'm not benefiting from any of the JVM security/bugfix updates as a result though, so it's not the best long term solution.
Their best guess is that it's related to a known bug that has arisen from some vulnerability fixes.
I'm curious if anyone else using LDAPS has upgraded to 8.16, and whether or not you have run into this issue?
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.