Forums
Home Product Q&A Discussion groups Articles Ask a question Search
Learning
Events
Champions

Forums

Articles
Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Product Q&A
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

Office 365 SMTP, TLS 1.0, and Jira

Jason Freeman
Jason Freeman
Contributor
July 19, 2019
In a few months, Office 365 SMTP will no longer support TLS below version 1.2.

We received a report that stated that Jira Service Desk is connecting to SMTP via TLS 1.0.

When will TLS 1.2 and 1.3 be supported?
Answer
Watch
Like Be the first to like this
2256 views

2 answers

2 votes
Daniel Eads
Daniel Eads
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
February 27, 2020

Some additional work is required to get the incoming/outgoing mail in Jira Server to use TLS 1.2, even if you are serving Jira itself over TLS 1.2 exclusively.

For some background on Microsoft's change, here's their article on the deprecation of TLS 1.0 and 1.1 for email connections to Office 365. After June 2020 when TLS 1.0 and 1.1 will be rejected on Microsoft's side, POP3 and IMAP will continue working if they're handled over TLS 1.2.

In Jira Server, some extra configuration is needed to enable TLS 1.2 for incoming and outgoing mail. In order to apply these settings, you'll need to be running Jira on Java 8 or above. If you're not sure about this, you can use Jira's System Information Page to determine which version of Java you're running under. Again, you want Java 8 or above in order to apply these settings. Most installations of Jira should be fine, although you may find Java 7 in very old versions of Jira or servers that were set up a long time ago.

  1. Get ready to add startup parameters to Jira - instructions for Linux and Windows here
  2. Add these two startup flags:
    -Dmail.imaps.ssl.protocols="TLSv1.2"
-Dmail.smtp.ssl.protocols="TLSv1.2"
  3. Restart Jira

After this, Jira should negotiate a TLS 1.2 connection with Office 365!

Cheers,
Daniel

 

Atlassian documentation reference: JIRA Mail initiates TLSv1 connection only 

View More Comments
Jason Freeman
Jason Freeman
Contributor
February 27, 2020

Daniel, I'll be sure to follow those directions.  Thank you.

Just for my own edification: for anyone who uses the built-in version of Java that comes bundled with JSD, is it Java 8+?  The Java that is bundled with JSD is routinely updated when the JSD installation itself is updated, right?

Like
Daniel Eads
Daniel Eads
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
February 27, 2020

We've bundled Java 8 with the installer since at least Jira 7 (Service Desk 3). I've got another answer here where the specific point release versions are listed for some releases. That being said, I would strongly advise using the System Information page in Jira to determine which version of Java that Jira is actually running under. There have been cases where people who installed using the installer found that a previous admin had modified the install to use the operating system's Java instead of the one that came bundled with Jira.

Like
Jason Freeman
Jason Freeman
Contributor
February 27, 2020

Yeah, we will definitely check the page you referenced to be sure. I was asking more because I wanted to be sure that Java was being routinely updated and not something we have to worry about updating ourselves.

Like Daniel Eads likes this
Daniel Eads
Daniel Eads
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
February 27, 2020

That is indeed the case, you'll get updates for the JRE through the installer (assuming nobody has repointed back to system Java).

Like
Reply
0 votes
Thomas Deiler
Thomas Deiler
Community Champion
July 19, 2019

Dear @Jason Freeman ,

this should work pretty well. When you use an actual Java 8 version, TLS 1.2 is supported.

Also have a look here: https://adoptopenjdk.net/release_notes.html

So long

Thomas

View More Comments
Jason Freeman
Jason Freeman
Contributor
July 19, 2019

So the bundled version of Java won't do it? I have to start installing a separate Java install just to send emails?

Like
Thomas Deiler
Thomas Deiler
Community Champion
July 19, 2019

Dear @Jason Freeman ,

you can stay with the bundled as long as you Jira version is bundle with a JDK 8. Adopt Open JDK will be sooner or later the preferred Java distribution due to license issues with Oracle.

So long

Thomas

Like
Jason Freeman
Jason Freeman
Contributor
July 19, 2019

I'm using the latest version of Jira Service Desk. Does it come with version 8?

Like
Thomas Deiler
Thomas Deiler
Community Champion
July 19, 2019

Sure, you are on the save side!

Like
Jason Freeman
Jason Freeman
Contributor
July 19, 2019

Then what setting needs to be set to make it use TLS 1.2 or TLS 1.3?

Like
Thomas Deiler
Thomas Deiler
Community Champion
July 19, 2019

Dear @Jason Freeman ,

normally, when a client is connection against an SSL site, both server and client negotiate TLS version and ciphers. When Office 365 doesn't offer TLS 1.0, then the next version is used.

When nobody changed configured - it should just work.

A good explanation can be found here.

And the release notes of Java 8.

So long

Thomas

Like
Reply

Suggest an answer

Log in or Sign up to answer
Jira
Jira
TAGS
AUG Leaders

Atlassian Community Events

    See all events
    Community
    Forums
    FAQs Forums guidelines
    Learning
    About learning Resources
    Events
    Champions
    Copyright © 2025 Atlassian
    Privacy Policy Terms Security
    Welcome illustration

    Welcome to the new Atlassian Community

    Online forums and learning are now in one easy-to-use experience.

    By continuing, you accept the updated Community Terms of Use and acknowledge the Privacy Policy. Your public name, photo, and achievements may be publicly visible and available in search engines.