Server has a weak, ephemeral Diffie-Hellman public key

Platform notice: Server and Data Center only. This article only applies to Atlassian products on the Server and Data Center platforms.

Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.

*Except Fisheye and Crucible

Problem

JIRA is not accessible in the latest version of Chrome, which shows the error message "Server has a weak, ephemeral Diffie-Hellman public key".

Diagnosis

Environment

  • SSL

Cause

The JIRA server is using a very weak SSL cipher, so some users cannot access JIRA through the Chrome browser.

Workaround

To work around the problem, add the cipher list below to disable the weak Diffie-Hellman cipher.

  1. Open server.xml in the $JIRA_INSTALL/conf directory.

  2. Add the following attribute to the connector for the HTTPS port:

    ciphers="TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA"

    (info) For stronger cipher settings, see: Security tools report the default SSL Ciphers are too weak

  3. Save it and restart JIRA.
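To confirm the change before restarting, the following added example (not part of the original article or Atlassian's tooling) audits a server.xml for TLS connectors that still allow finite-field DHE suites or have no ciphers attribute at all. The sample XML is constructed, the function names are hypothetical, and it assumes TLS connectors are marked with SSLEnabled="true".

```python
import xml.etree.ElementTree as ET

# Constructed sample server.xml (not taken from a real installation).
SAMPLE_SERVER_XML = """<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1"/>
    <Connector port="8443" SSLEnabled="true" scheme="https" secure="true"
               ciphers="TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_DHE_RSA_WITH_AES_128_CBC_SHA"/>
    <Connector port="9443" SSLEnabled="true" scheme="https" secure="true"/>
    <Connector port="10443" SSLEnabled="true" scheme="https" secure="true"
               ciphers="TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA"/>
  </Service>
</Server>"""


def is_finite_field_dhe(suite):
    """True for ephemeral or anonymous finite-field DH suites (ECDHE is not matched)."""
    name = suite.upper()
    return name.startswith(("TLS_DHE_", "SSL_DHE_", "TLS_DH_ANON_", "SSL_DH_ANON_"))


def audit_connectors(server_xml):
    """Return {port: finding} for every TLS-enabled <Connector> element."""
    findings = {}
    for conn in ET.fromstring(server_xml).iter("Connector"):
        # Assumption: TLS connectors carry SSLEnabled="true".
        if conn.get("SSLEnabled", "false").lower() != "true":
            continue
        port = conn.get("port")
        ciphers = conn.get("ciphers")
        if ciphers is None:
            # Without an explicit list the connector falls back to default suites.
            findings[port] = "no ciphers attribute: default suites apply"
            continue
        weak = [c.strip() for c in ciphers.split(",") if is_finite_field_dhe(c.strip())]
        findings[port] = "DHE suites enabled: " + ",".join(weak) if weak else "ok"
    return findings


if __name__ == "__main__":
    for port, finding in audit_connectors(SAMPLE_SERVER_XML).items():
        print(port, finding)
```

To check a real installation, pass the contents of $JIRA_INSTALL/conf/server.xml to audit_connectors instead of the sample string.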

Last modified on Feb 26, 2016
