Server has a weak, ephemeral Diffie-Hellman public key

Platform Notice: Data Center Only - This article only applies to Atlassian products on the Data Center platform.

Note that this KB was created for the Data Center version of the product. Data Center KBs for non-Data-Center-specific features may also work for Server versions of the product, however they have not been tested. Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.

*Except Fisheye and Crucible

Summary

Problem

JIRA is not accessible in the Chrome latest version and received "Server has a weak, ephemeral Diffie-Hellman public key" error message.

(Auto-migrated image: description temporarily unavailable)

Diagnosis

Environment

  • SSL

Cause

JIRA server is using a very weak SSL cipher cause some users couldn't access JIRA through Chrome browser.

Solution

Workaround

To workaround the problem, please add the cipher below to disable the weak Diffie-Hellman cipher.

  1. Open server.xml via $JIRA_INSTALL/conf directory.

  2. Add the following to the HTTPS connector port:

    1 ciphers="TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA"

    ℹ️ Reference for more strong cipher settings - Security tools report the default SSL Ciphers are too weak

  3. Save it and restart JIRA.

Updated on April 8, 2025
Platform
Data Center only
Product
Jira Software Data Center
On this pageSummaryDiagnosisCauseSolution

Still need help?

The Atlassian Community is here for you.
Ask the Community