Uploaded image for project: 'Jira Data Center'
  1. Jira Data Center
  2. JRASERVER-24515

JIRA should support the use of TLS - SNI

XMLWordPrintable

    • We collect Jira feedback from various sources, and we evaluate what we've collected when planning our product roadmap. To understand how this piece of feedback will be reviewed, see our Implementation of New Features Policy.

      NOTE: This suggestion is for JIRA Server. Using JIRA Cloud? See the corresponding suggestion.

      Transport Layer Security - Server Name Indication (RFC4366) is a commonly used mechanism to allow for multiple domains to be hosted on a single server. When gadgets (and I assume trusted apps as well) connect to these hosts the server name is not sent, so connection fails. This is due to Apache HttpClient not yet having support for TLS SNI.

          Form Name

            [JRASERVER-24515] JIRA should support the use of TLS - SNI

            Michael Andreacchio added a comment -

            As of 2015-09-24 the request for Bamboo to support SNI has actually been resolved BAM-16239 this was released in Bamboo 5.10.0.

            Michael - Atlassian.

            Michael Andreacchio added a comment - As of 2015-09-24 the request for Bamboo to support SNI has actually been resolved BAM-16239 this was released in Bamboo 5.10.0 . Michael - Atlassian.

            David Black added a comment -

            purchasing8 Bamboo does not yet support SNI. There is an open issue, BAM-16239, to add SNI support to Bamboo.

            David Black added a comment - purchasing8 Bamboo does not yet support SNI. There is an open issue, BAM-16239 , to add SNI support to Bamboo.

            Inavero Purchasing added a comment -

            So was SNI only fixed for JIRA? I can create an SSL (with SNI) applink from JIRA to our Bamboo instance, but I can't create the reciprocal link from Bamboo to JIRA, failing with the error:

            com.atlassian.applinks.spi.manifest.ManifestNotFoundException: javax.net.ssl.SSLHandshakeException: No appropriate protocol (protocol is disabled or cipher suites are inappropriate)

            Inavero Purchasing added a comment - So was SNI only fixed for JIRA? I can create an SSL (with SNI) applink from JIRA to our Bamboo instance, but I can't create the reciprocal link from Bamboo to JIRA, failing with the error: com.atlassian.applinks.spi.manifest.ManifestNotFoundException: javax.net.ssl.SSLHandshakeException: No appropriate protocol (protocol is disabled or cipher suites are inappropriate)

            Minh Tran added a comment - - edited

            Hi rob.kearey,

            This affects to Confluence as well. We already had a ticket to trace this issue https://jira.atlassian.com/browse/CONF-37582

            Thanks,
            Minh Tran
            Confluence BugMaster
            Atlassian

            Minh Tran added a comment - - edited Hi rob.kearey , This affects to Confluence as well. We already had a ticket to trace this issue https://jira.atlassian.com/browse/CONF-37582 Thanks, Minh Tran Confluence BugMaster Atlassian

            robk added a comment -

            Would this not affect Confluence also, or does that have the updated library?

            robk added a comment - Would this not affect Confluence also, or does that have the updated library?

            Gaetano Giunta added a comment -

            +1

            I just spent 3 days trying to fix the gadgets not appearing for our Jira dashboards.

            This should not only be fixed, but CLEARLY DOCUMENTED in the online manual where it says how to set up jira behind an https proxy

            Gaetano Giunta added a comment - +1 I just spent 3 days trying to fix the gadgets not appearing for our Jira dashboards. This should not only be fixed, but CLEARLY DOCUMENTED in the online manual where it says how to set up jira behind an https proxy

            Jaco van Tonder added a comment -

            Hello guys,

            I am happy to see some traction here.

            cnortje: Would I be wrong to assume that this will be fixed in all application links, including Stash, Confluence, Bamboo and Fisheye/Crucible?

            Thanks,
            ---Jaco

            Jaco van Tonder added a comment - Hello guys, I am happy to see some traction here. cnortje : Would I be wrong to assume that this will be fixed in all application links, including Stash, Confluence, Bamboo and Fisheye/Crucible? Thanks, ---Jaco

            Tilo Klessen added a comment -

            +1

            Learned the hard way that SNI does not work with application links. Spent about three weeks and lots of hours. On the other hand: learned a lot about Java Keystores, openssl, SNI, apache, tomcat, mod_proxy and mod_rewrite. sprinkled with a little dns-sec and some vpn-tunneling...

            Tilo Klessen added a comment - +1 Learned the hard way that SNI does not work with application links. Spent about three weeks and lots of hours. On the other hand: learned a lot about Java Keystores, openssl, SNI, apache, tomcat, mod_proxy and mod_rewrite. sprinkled with a little dns-sec and some vpn-tunneling...

            Alex Christopher added a comment - - edited

            +1

            This make a lot of sense now. I have raised many issues before, why app link wasnt working. Atlassian support never was able to solve the problem and they didnt know it was SNI related.

            Alex Christopher added a comment - - edited +1 This make a lot of sense now. I have raised many issues before, why app link wasnt working. Atlassian support never was able to solve the problem and they didnt know it was SNI related.

            Merritt Krakowitzer added a comment -

            +1

            Merritt Krakowitzer added a comment - +1

              pklimkowski@atlassian.com Piotr Klimkowski (Inactive)
              jwinters tier-0 grump
              Votes:
              46 Vote for this issue
              Watchers:
              49 Start watching this issue

                Created:
                Updated:
                Resolved: