Forums

Articles
Create
cancel
Showing results for 
Search instead for 
Did you mean: 

TLS issue when connecting to jira from another app server with Rest Api

wajih zouaoui
Contributor
June 26, 2019

Hello,

 

we have a post-upgrade ( from 7.0.11 to 7.13.1) issue in Jira.

We have an application used to interact with Jira via Rest API for creating auto issues.

Before the upgrade everything works fine and now it's impossible to connect with a log file from the app saying that the connexion has been droped from the dest server.

 

The server used to send the querrys is a Windows 2003 server and we don't know if Jira 7.13.1 can handle the ciphers used by Serv 2003 and the protocol TLS1.0

 

On the HTTPS connector in jira we mentionned the sslprotocol = TLS and i think all the TLS protocols are approved in Jira.

 

In Jira log we found nothing about the root cause ( even when checking in event viewer for windows ).

 

Can you please help us because we are really blocked by this issue.

 

Thanks in advance.

 

Best Regards,

 

 

1 answer

0 votes
Dave Theodore [Coyote Creek Consulting]
Community Champion
June 26, 2019

Are the certificates configured correctly? Check with curl to see if it complains about the certs (you will see the "use -k" message if something is wrong.)  Does your CA have an intermediate certificate? If so, be sure to include that in your configuration.

wajih zouaoui
Contributor
June 27, 2019

Hi Dave,

 

i think that the cert configuration is correct ( i've used the curl and didn't find anything wrong ). For the https connector in jira,we have the root cert, intermediate cert and host cert are all added into the keystore.

the TLS versions 1.0 1.1 1.2 are enable for the HTTPS connector in jira ( because the server used to send the requests is a win server 2003 and it can support only TLS1.0 ).

 

Seeing that this issue occured only after upgrading from 7.0.11 to 7.13.1 is confusing us 

and we don't know if it's a TLS compatibility issue or not.

Dave Theodore [Coyote Creek Consulting]
Community Champion
June 27, 2019

It's unusual to see something so sensitive to these type of ciphers, but it's not impossible.  Can you check with the vendor of the application that connects to see what ciphers they support? If it turns out to be something insecure, you might want to create a dedicated listener with IP whitelisting for this application. That will allow you to be secure for the general public and limit access to the insecure listener to only the REST application.

Suggest an answer

Log in or Sign up to answer
TAGS
atlassian, jira product discovery, jpd premium, product management, idea management, product discovery, jira premium, product planning, atlassian community, product development, roadmap planning, product prioritization, feature management

Introducing Jira Product Discovery Premium ✨

Jira Product Discovery Premium is now available! Get more visibility, control, and support to build products at scale.

Learn more
AUG Leaders

Atlassian Community Events