Server has a weak, ephemeral Diffie-Hellman public key
Platform notice: Server and Data Center only. This article only applies to Atlassian products on the Server and Data Center platforms.
Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.
*Except Fisheye and Crucible
Problem
JIRA is not accessible in the latest version of Chrome, which shows the error message "Server has a weak, ephemeral Diffie-Hellman public key".
Diagnosis
Environment
- SSL
Cause
The JIRA server is using a very weak SSL cipher, so some users cannot access JIRA through the Chrome browser.
Workaround
To work around the problem, add the cipher list below to disable the weak Diffie-Hellman ciphers.
Open server.xml in the $JIRA_INSTALL/conf directory.
Add the following to the HTTPS connector:
ciphers="TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA"
For stronger cipher settings, see: Security tools report the default SSL Ciphers are too weak
Save the file and restart JIRA.
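One way to confirm the change before restarting is to audit server.xml for HTTPS connectors that still offer finite-field DHE suites or have no ciphers attribute at all. The script below is an added example, not Atlassian's code; the sample server.xml, its port numbers and the function names are constructed for illustration, and it assumes JSSE-style suite names set directly on the Connector element as this page describes.

```python
import xml.etree.ElementTree as ET

# Cipher list copied verbatim from this page.
PAGE_CIPHERS = ("TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,"
                "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,"
                "TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA,"
                "TLS_RSA_WITH_AES_256_CBC_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA")

# Constructed sample server.xml (ports and attributes are illustrative).
SAMPLE_SERVER_XML = f"""<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1"/>
    <Connector port="8443" SSLEnabled="true" scheme="https" secure="true"/>
    <Connector port="8444" SSLEnabled="true" scheme="https" secure="true"
               ciphers="TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA"/>
    <Connector port="8445" SSLEnabled="true" scheme="https" secure="true"
               ciphers="{PAGE_CIPHERS}"/>
  </Service>
</Server>"""


def is_ff_dhe(suite):
    """True for finite-field ephemeral DH suites (TLS_DHE_*/SSL_DHE_*), not ECDHE."""
    return suite.upper().startswith(("TLS_DHE_", "SSL_DHE_"))


def audit_connectors(xml_text):
    """Map each TLS-enabled Connector port to 'ok' or a description of the problem."""
    findings = {}
    for conn in ET.fromstring(xml_text).iter("Connector"):
        if conn.get("SSLEnabled", "false").lower() != "true":
            continue  # plain HTTP connector, nothing to check
        port, raw = conn.get("port"), conn.get("ciphers")
        if raw is None:
            findings[port] = "no ciphers attribute: default cipher list applies"
            continue
        suites = [s.strip() for s in raw.split(",") if s.strip()]
        weak = [s for s in suites if is_ff_dhe(s)]
        findings[port] = "DHE suites offered: " + ", ".join(weak) if weak else "ok"
    return findings


if __name__ == "__main__":
    # Replace SAMPLE_SERVER_XML with the contents of $JIRA_INSTALL/conf/server.xml.
    for port, finding in audit_connectors(SAMPLE_SERVER_XML).items():
        print(f"port {port}: {finding}")
```

The list on this page passes the check because it contains only ECDHE and static RSA key-exchange suites; the static TLS_RSA_* suites do not provide forward secrecy, which is one reason to follow the reference above for stronger settings.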