How to identify the TLS version Jira uses when connecting as a client

Platform Notice: Server and Data Center Only - This article only applies to Atlassian products on the server and data center platforms.

This article applies when Jira makes secure connections over SSL/TLS as a client (such as LDAPS). For Jira inbound SSL/TLS configuration, follow the instructions in Running Jira applications over SSL or HTTPS.

Summary

When connecting as a client, Jira starts the SSL handshake based on the Java version it is running on. Java 8 enables TLSv1.1 and TLSv1.2 in client mode and uses TLSv1.2 by default. The initial request from the client (Jira) is sent as TLSv1.2 and, since TLSv1.2 is backward compatible, if the destination responds with TLSv1.1, both sides agree on TLSv1.1 going forward.

Logging and Configuration

You can verify the SSL handshake in the Jira logs: on the Logging and Profiling page, add the package org.apache.http with its level set to DEBUG.

If you wish to restrict TLS versions used by Jira when connecting as a client, you can set the value of the jdk.tls.disabledAlgorithms parameter in <JRE_HOME>/lib/security/java.security.

The current <JRE_HOME> is available at Administration > System > System Support > System Info > java.home. More Info: https://www.java.com/en/configure_crypto.html


Alternatively, you may also add the following startup properties to achieve these settings:

Debug: -Djavax.net.debug=ssl:handshake:verbose

Restrict: -Djdk.tls.client.protocols=TLSv1.1,TLSv1.2
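The two restriction mechanisms above combine: a protocol named in jdk.tls.disabledAlgorithms is not offered even if -Djdk.tls.client.protocols lists it. The following audit script is an added example, not Atlassian or Oracle code; the sample java.security content and all function names are constructed for illustration, and the default protocol set is the Java 8 one stated in the Summary.

```python
# Constructed sample of <JRE_HOME>/lib/security/java.security (not a real install).
SAMPLE_JAVA_SECURITY = r"""
# constructed comment line
jdk.certpath.disabledAlgorithms=MD2, MD5
jdk.tls.disabledAlgorithms=SSLv3, TLSv1, TLSv1.1, RC4, \
    DH keySize < 1024, anon, NULL
"""

KNOWN_PROTOCOLS = ("SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3")


def read_property(text, key):
    """Return the value of `key` from Java .properties text (last definition wins).

    Assumes the key=value form that java.security uses.
    """
    value, pending = None, ""
    for raw in text.splitlines():
        line = pending + raw.strip()
        pending = ""
        if not line or line[0] in "#!":      # blank line or comment
            continue
        if line.endswith("\\"):              # trailing backslash continues the value
            pending = line[:-1]
            continue
        name, _, rest = line.partition("=")
        if name.strip() == key:
            value = rest.strip()
    return value


def disabled_protocols(java_security_text):
    """Protocol names listed as their own entry in jdk.tls.disabledAlgorithms."""
    value = read_property(java_security_text, "jdk.tls.disabledAlgorithms") or ""
    entries = {e.strip().lower() for e in value.split(",")}
    return [p for p in KNOWN_PROTOCOLS if p.lower() in entries]


def client_protocols(java_security_text, client_property=None,
                     default=("TLSv1.1", "TLSv1.2")):
    """Protocols the client can still offer.

    client_property: value of -Djdk.tls.client.protocols, or None if unset.
    default: client-mode set used when the property is unset (Java 8 set
             from the article; pass a different tuple for other JVMs).
    """
    wanted = ([p.strip() for p in client_property.split(",") if p.strip()]
              if client_property else list(default))
    blocked = set(disabled_protocols(java_security_text))
    return [p for p in wanted if p not in blocked]
```

Run it against the java.security file found under the java.home path shown in System Info, passing the jdk.tls.client.protocols value from Jira's startup arguments if one is set.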




Last modified on Jul 21, 2021
