Aha! strongly recommends using Java 8 for JIRA on-premise installations, which requires JIRA version 6.3 and above. This configuration is also recommended by Atlassian.
On-premise JIRA 6.4 or earlier running on Java 7 must upgrade to Java 8 or make JVM configuration changes
On-premise JIRA 5.2 or greater must run at least Java 7 with JVM configuration changes
|JIRA version||Java Version||Required Action|
|5.1 or lower||6||Upgrade JIRA to a supported version with a Java version capable of TLS 1.2. On-premise JIRA running on Java 6 will not be supported after the Aha! TLS changes.|
|5.2 to 6.2||7||
Ensure JIRA uses Java 7 configured to use TLS 1.2 endpoints*
|6.3+||7||Upgrade to Java 8 or ensure JIRA uses Java 7 configured to use TLS 1.2 endpoints*|
|6.3+||8||No action is required. JIRA instances using Java 8 already support TLS 1.2.|
|7.0+||8||No action is required.|
|Atlassian Cloud||N/A||No action is required.|
*Perfect Forward Secrecy with 2048 bit Diffie-Hellman parameters requires Java 8 or Java 7u91+ (Oracle Extended Support only).
Java 7 Configuration
If you are unable to upgrade to Java 8, you will need to ensure that the Java 7 environment that is used to run JIRA is configured with the runtime flags below as documented here.
Testing TLS 1.2 endpoints may be performed using the Paypal tools at https://github.com/paypal/TLS-update#java. Using the Java environment used for running JIRA, perform the following test using the PayPal tools to ensure that you can successfully connect to the Paypay test TLS 1.2 endpoint:
$ java -Dhttps.protocols=TLSv1,TLSv1.1,TLSv1.2 -jar TlsCheck.jar
Supported protocol versions: [SSLv2Hello, SSLv3, TLSv1, TLSv1.1, TLSv1.2]
Successfully connected to TLS 1.2 endpoint.
Be sure that these runtime flags are being set when running JIRA otherwise TLS 1.2 support is not enabled and will not be able to connect to Aha!
Atlassian instructions for setting Java runtime flags are available here.