• Suggestion
    • Resolution: Unresolved
    • Security
    • We collect Confluence feedback from various sources, and we evaluate what we've collected when planning our product roadmap. To understand how this piece of feedback will be reviewed, see our Implementation of New Features Policy.

      Problem Definition

      Remove TLSv1.1 as it is vulnerable to downgrade attacks since it uses a SHA-1 hash to protect the integrity of exchanged messages. Even authentication of handshakes is done based on SHA-1, which makes it easier for an attacker to impersonate a server for MITM attacks. This takes precedence as TLSv1.1 has been removed from the server.xml but is still accepted during a vulnerability scan.

      Suggested Solution

      Have as default the secure TLSv1.3, and then add, if needed, TLSv1.1 and TLSv1.2.

      Workaround

      This can be set up as shown in How to change the SSL/TLS protocols used by Tomcat, but this request will improve the default security.
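As an added illustration of the workaround (not taken from the issue or from Confluence's shipped server.xml), the Tomcat HTTPS connector with TLSv1.1 still enabled beside the same connector limited to TLSv1.2 and TLSv1.3; port, keystore path and password are placeholders:

```xml
<!-- Added example, not the project's own configuration.
     Port, keystore path and password are placeholders; adjust to your install. -->

<!-- Before: TLSv1.1 is still in the list, so a scanner that offers only TLSv1.1
     completes a handshake even though the intended default was newer. -->
<Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
           SSLEnabled="true" scheme="https" secure="true" maxThreads="150">
    <SSLHostConfig protocols="TLSv1.1,TLSv1.2">
        <Certificate certificateKeystoreFile="conf/keystore.jks"
                     certificateKeystorePassword="changeit" type="RSA"/>
    </SSLHostConfig>
</Connector>

<!-- After: only TLSv1.2 and TLSv1.3 are enabled. A client limited to TLSv1.1 gets a
     handshake failure instead of a session, which is what the scan should report. -->
<Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
           SSLEnabled="true" scheme="https" secure="true" maxThreads="150">
    <SSLHostConfig protocols="TLSv1.2,TLSv1.3" honorCipherOrder="true">
        <Certificate certificateKeystoreFile="conf/keystore.jks"
                     certificateKeystorePassword="changeit" type="RSA"/>
    </SSLHostConfig>
</Connector>

<!-- Older single-attribute style (Tomcat 8.0, and the deprecated Connector
     attributes in later releases): put sslEnabledProtocols="TLSv1.2,TLSv1.3"
     directly on the <Connector> element instead of using <SSLHostConfig>. -->
```

TLSv1.3 needs a JVM (or tomcat-native/OpenSSL build) that supports it, so confirm that after restart with a client that speaks only TLSv1.3. If a scan still reports TLSv1.1 after this change, check every SSLEnabled connector in server.xml and any reverse proxy in front of Confluence, since the scanner sees whichever endpoint terminates TLS.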

            [CONFSERVER-87297] Remove TLSv1.1 and TLSv1.2 as default

            There are no comments yet on this issue.

              Assignee: Unassigned
              Reporter: betto
              Votes: 0
              Watchers: 1