Forums
Home Product Q&A Discussion groups Articles Ask a question Search
Learning
Events
Champions

Forums

Articles
Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Product Q&A
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

Getting TLS error after enabling HTTPS

Tony Lofreso
Tony Lofreso
I'm New Here
I'm New Here
Those new to the Atlassian Community have posted less than three times. Give them a warm welcome!
Get involved
November 21, 2018

Getting the attached error after enabling SSL over HTTP.

TLS Error.png

Answer
Watch
Like Be the first to like this
898 views

1 answer

0 votes
Edward
Edward
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
November 21, 2018

Hi Tony,

This error can be caused by a few reasons, two of which would be more common:

  1. IE11 is running in compatibility mode, or it is set to run the document under an earlier version.
  2. There is an issue with the SSL config.

Please try and turn off IE11's compatibility mode if it is enabled. Also, check other machines and even other browsers such as chrome or firefox to see if they get the same or similar error. 

Read through if not already the instructions at "Proxying and securing Bitbucket Server" and confirm your setup is configured correctly.

Thanks,
Edward

View More Comments
Chad Haston
Chad Haston
I'm New Here
I'm New Here
Those new to the Atlassian Community have posted less than three times. Give them a warm welcome!
Get involved
November 26, 2018

Thank you for the reply Edward! We have followed the instructions located here: https://confluence.atlassian.com/bitbucketserver/securing-bitbucket-server-with-tomcat-using-ssl-776640127.html

There is one line that is suggested within the bitbucket.properties file that will crash the services when they start: server.ssl.enabled=true

That entry should be: security.require-ssl=true

The service will start and then fail for an 'Incorrect function' in the event logs if the option shown in the documentation link is configured.

Once the service is running per the document and the above change the page loads to what Tony posted above. The error seems like the spring-boot web server is using an older TLS version even though we've tried to force TLSv1.2.

We have created a CSR and provisioned a certificate from our internal CA and thne imported the pkcs12 certificate into the store which has the key, Intermediate cert, and Root cert. Here is the bitbucket.properties file we have configured currently:

server.port=443
security.require-ssl=true
server.ssl.client-auth=need
server.ssl.key-store-type=jks
server.ssl.key-store-provider=SUN
server.ssl.key-alias=tomcatserver.ssl.key-store=C:/Atlassian/ApplicationData/Bitbucket/shared/config/ssl-keystore.p12
server.ssl.key-store-password=<password value>
server.ssl.key-password=<password value>
server.ssl.protocol=TLS
server.ssl.enabled-protocols=TLSv1.2

If we comment out the security.require-ssl=true; the web server is showing the application on the default port of 7990; which proves the application itself is working.

Like
Christian Glockner
Christian Glockner
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
November 26, 2018

Hi Chad,

In your configuration you state that you only want to enable TLS 1.2, but Internet Explorer is telling you that TLS 1.2 is not enable in IE itself - you'll need to enable that in IE: https://support.freshdesk.com/support/solutions/articles/222861-enabling-tls-1-1-and-tls-1-2-in-internet-explorer

Cheers,

Christian

Premier Support Engineer

Atlassian

Like
Chad Haston
Chad Haston
I'm New Here
I'm New Here
Those new to the Atlassian Community have posted less than three times. Give them a warm welcome!
Get involved
November 26, 2018

Christian,
Corporate policy already has those enabled, screenshot below:

TLS.png

Like
Christian Glockner
Christian Glockner
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
November 26, 2018

Hi Chad,

Do you have openssl installed on your machine (or anywhere that can connect to your Bitbucket Server)?

If so, try running openssl s_client -connect svtbitbucket:443  - this will tell you all about the ciphers used by the connection which may help understand better what is going on.

Cheers,

Christian

Premier Support Engineer

Atlassian

Like
Reply

Suggest an answer

Log in or Sign up to answer
Bitbucket
Bitbucket
TAGS
AUG Leaders

Atlassian Community Events

    See all events
    Community
    Forums
    FAQs Forums guidelines
    Learning
    About learning Resources
    Events
    Champions
    Copyright © 2025 Atlassian
    Privacy Policy Notice at Collection Terms Security