Server has a weak, ephemeral Diffie-Hellman public key
Platform Notice: Data Center - This article applies to Atlassian products on the Data Center platform.
Note that this knowledge base article was created for the Data Center version of the product. Data Center knowledge base articles for non-Data Center-specific features may also work for Server versions of the product, however they have not been tested. Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.
*Except Fisheye and Crucible
Problem
JIRA is not accessible in the Chrome latest version and received "Server has a weak, ephemeral Diffie-Hellman public key" error message.
Diagnosis
Environment
- SSL
Cause
JIRA server is using a very weak SSL cipher cause some users couldn't access JIRA through Chrome browser.
Workaround
To workaround the problem, please add the cipher below to disable the weak Diffie-Hellman cipher.
Open
server.xmlvia$JIRA_INSTALL/confdirectory.Add the following to the HTTPS connector port:
ciphers="TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA"
Reference for more strong cipher settings - Security tools report the default SSL Ciphers are too weakSave it and restart JIRA.