How to restrict cryptographic protocols used by Bamboo's JMS broker for remote agent communication

Still need help?

The Atlassian Community is here for you.

Ask the community


After securing your remote agents with SSL, further hardening of the JMS broker used by Bamboo for remote agent communication may be desired. The purpose of this guide is to show you how you can restrict the SSL / TLS protocols and Cipher Suites supported by the broker endpoint once SSL has already been enabled.


  1. Shutdown Bamboo
  2. Modify your <bamboo-home>/bamboo.cfg.xml
  3. Add the transport.enabledProtocols property to the transport in the property. The example below enables only TLSv1.2 on the broker:

    <property name="">ssl://;wireFormat.maxInactivityDuration=300000</property>
  4. If restriction of the cipher suite is also required, add the transport.enabledCipherSuites property to the transport. The example below enables only SSL_RSA_WITH_RC4_128_SHA and SSL_DH_anon_WITH_3DES_EDE_CBC_SHA cipher suites.

    <property name="">ssl://;transport.enabledCipherSuites=SSL_RSA_WITH_RC4_128_SHA,SSL_DH_anon_WITH_3DES_EDE_CBC_SHA&amp;wireFormat.maxInactivityDuration=300000</property>
  5. Start Bamboo


Bamboo utilizes Apache's ActiveMQ for it's Java Messaging. More can be found about the SSL Transport in Apache's documentation below:

From the documentation:

Any SSLServerSocket option may be set on a TransportConnection via ?transport.XXX,

SSLServerSocket options are documented in the below Java 8 API reference below:

Values for each option can be found in the below Standard Name documentation:

Last modified on Nov 2, 2018

Was this helpful?

Provide feedback about this article
Powered by Confluence and Scroll Viewport.