Securing Bitbucket Server (using Tomcat) against Poodle Disabling SSLv3

Platform Notice: Data Center Only - This article only applies to Atlassian products on the Data Center platform.

Note that this KB was created for the Data Center version of the product. Data Center KBs for non-Data-Center-specific features may also work for Server versions of the product, however they have not been tested. Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.

*Except Fisheye and Crucible

Summary

Disabling SSLV3 in Bitbucket Server instances utilizing a Tomcat container in order to secure against the Poodle Exploit.

Solution

How To

Bitbucket Server version 5.+

  1. Stop Bitbucket Server

  2. Edit <Bitbucket home directory>/shared/bitbucket.properties

  3. Add the following to the connector:

    1 2 server.ssl.enabled=true server.ssl.enabled-protocols=TLSv1.2,TLSv1.1,TLSv1

  4. Start Bitbucket Server

Bitbucket Server up to version 4.x

  1. Stop Bitbucket Server

  2. Edit <Bitbucket Home Directory>/shared/server.xml

    You'll see:

    Please note these are default values, yours may look different

    server.xml

    1 2 3 4 5 6 7 8 9 10 11 12 13 14 <Connector port="8443" maxHttpHeaderSize="8192" SSLEnabled="true" maxThreads="150" minSpareThreads="25" maxSpareThreads="75" enableLookups="false" disableUploadTimeout="true" useBodyEncodingForURI="true" acceptCount="100" scheme="https" secure="true" clientAuth="false" sslProtocol="TLS" />

  3. Add the following to the connector:

    1 2 SSLEnabled="true" sslEnabledProtocols="TLSv1.2,TLSv1.1,TLSv1"

  4. Start Bitbucket Server

Updated on April 8, 2025
Platform
Data Center only
Product
Bitbucket Data Center
On this pageSummarySolution

Still need help?

The Atlassian Community is here for you.
Ask the Community