Upgrade TLS for Enhanced Security in Bamboo Data Center
Platform Notice: Data Center Only - This article only applies to Atlassian products on the Data Center platform.
Note that this KB was created for the Data Center version of the product. Data Center KBs for non-Data-Center-specific features may also work for Server versions of the product, however they have not been tested. Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.
*Except Fisheye and Crucible
Summary
This article guides you through upgrading the TLS version for Bamboo 9.6.8 on Windows Server 2016, addressing the vulnerabilities of TLS 1.0. It details steps to enable TLS 1.2 or 1.3 for enhanced security.
Product version
The following steps have been validated in Bamboo Data Center 9.6.8 on a Windows Server 2016.
Solution
Prerequisites
Ensure you have administrative access to the Bamboo server.
Backup your current
server.xmlconfiguration file.
Step 1: Check Current TLS Versions
To determine which TLS versions your Bamboo instance currently accepts, use the openssl command. This will help you verify if TLSv1.0 is still in use:
openssl s_client -connect https://your-bamboo-instance:443 -tls1To test other TLS versions, modify the command with the appropriate flag: -tls1_1, -tls1_2, or -tls1_3.
Step 2: Update the server.xml Configuration
To restrict your server to use only TLSv1.2 and TLSv1.3, you need to update the server.xml file. Add the sslEnabledProtocols parameter as shown below:
<Connector
port="8443"
maxThreads="150" minSpareThreads="25"
connectionTimeout="20000"
disableUploadTimeout="true"
acceptCount="100"
enableLookups="false"
maxHttpHeaderSize="8192"
useBodyEncodingForURI="true"
URIEncoding="UTF-8"
keystorePass="Sanitized by Support Utility"
keystoreFile="Sanitized by Support Utility"
scheme="https" secure="false" SSLEnabled="true"
sslProtocol="TLS"
sslEnabledProtocols="TLSv1.2,TLSv1.3"
clientAuth="false">
<UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol" />
</Connector>Important Notes:
Ensure you update the
keystorePasswith your actual password.Verify all other parameters to match your server's configuration needs.
Step 3: Restart Bamboo
After updating the configuration, restart your Bamboo server. This will apply the changes, and your server should now only accept connections using TLSv1.2 and TLSv1.3.
Testing
By following these steps, you can enhance the security of your Bamboo server by ensuring it uses the latest TLS protocols. If you encounter any issues, consult your system administrator or refer to the Bamboo documentation for further assistance.
Please be aware that this change could also impact applications installed on Bamboo, so perform a test afterward to ensure everything is functioning as expected.
Was this helpful?