Suggestion
Resolution: Obsolete
I have a JIRA instance set up to only allow incoming TLS 1.2 connections, by using this configuration in Tomcat:
<Connector
    SSLEnabled="true"
    acceptCount="100"
    clientAuth="false"
    connectionTimeout="20000"
    disableUploadTimeout="true"
    enableLookups="false"
    keyAlias="[keyalias]"
    keystorePass="[pass]"
    keystoreType="JKS"
    maxThreads="50"
    port="443"
    protocol="HTTP/1.1"
    scheme="https"
    secure="true"
    sslProtocol="TLSv1.2"
    sslEnabledProtocols="TLSv1.2"
    ciphers="TLS_RSA_WITH_AES_256_GCM_SHA384,TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,TLS_RSA_WITH_AES_256_CBC_SHA256,TLS_DHE_RSA_WITH_AES_256_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA"
    useBodyEncodingForURI="true"
    URIEncoding="UTF-8"/>
I then proceeded to install Stash and attempted to connect it to JIRA during Stash setup.
Even though I filled in the correct details (JIRA address, admin user and pass), I kept getting "There doesn't seem to be a running JIRA server (version 4.3 or later) at this URL".
After adding -Djavax.net.debug=ssl to the Stash command line, I saw that what happened is that Stash is attempting to initiate a TLSv1 client connection to JIRA. JIRA, in turn, is configured to only allow 1.2, and the connection fails.
Java 7 (which is the minimum requirement for Stash) has TLS 1.2 client functionality; it's just disabled by default.
It would be nice to be able to configure this when connecting to JIRA, to avoid the need to downgrade security on JIRA to get Stash integration working.
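
A way to confirm the client-side behaviour described above and to handshake with TLSv1.2 explicitly, as an added example that is not part of the original report or of Stash's code. It uses only standard JSSE classes; the class name Tls12ClientCheck and the host/port arguments are assumptions.

```java
import java.util.Arrays;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocket;

// Added example: prints the JSSE client protocol defaults of the running JVM
// and, when given a target, handshakes with it offering TLSv1.2 only.
// Usage: java Tls12ClientCheck [host port]   (host/port: your own server)
public class Tls12ClientCheck {

    public static void main(String[] args) throws Exception {
        // Context the JVM hands to clients that configure nothing themselves.
        SSLContext def = SSLContext.getDefault();
        System.out.println("enabled by default: "
                + Arrays.toString(def.getDefaultSSLParameters().getProtocols()));
        // Protocols the provider can negotiate if a client asks for them.
        System.out.println("supported:          "
                + Arrays.toString(def.getSupportedSSLParameters().getProtocols()));

        if (args.length != 2) {
            return; // no target given: report the local defaults only
        }
        String host = args[0];
        int port = Integer.parseInt(args[1]);

        // Request a TLSv1.2 context explicitly. The null arguments select the
        // default key managers, trust managers and SecureRandom.
        SSLContext tls12 = SSLContext.getInstance("TLSv1.2");
        tls12.init(null, null, null);

        SSLSocket socket = (SSLSocket) tls12.getSocketFactory().createSocket(host, port);
        try {
            // Offer TLSv1.2 only, matching a server restricted to that version.
            socket.setEnabledProtocols(new String[] {"TLSv1.2"});
            // Throws SSLHandshakeException on a protocol or cipher mismatch,
            // and also when the server certificate is not in the trust store.
            socket.startHandshake();
            System.out.println("negotiated: " + socket.getSession().getProtocol()
                    + " / " + socket.getSession().getCipherSuite());
        } finally {
            socket.close();
        }
    }
}
```

The raw SSLSocket validates the certificate chain against the default trust store but performs no hostname verification, so treat this as a diagnostic rather than a client to reuse.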