how to disable TLSv1.0/1 for Bitbucket server docker image

Hi all,

how to disable deprecated TLSv1.0 and 1.1 for docker image in compose yml? (and also weak/deprecated ciphers)

It’s stated here https://community.atlassian.com/t5/Bitbucket-questions/How-to-disable-TLS1-0-and-1-1-on-Bitbucket/qaq-p/1038891 what I can implement in a running container (in ../shared/bitbucket.properties), but what about the initial docker compose options? (I guessing some ‘environment’ options need to be set)

1 answer

0 votes

Answer accepted

For most bitbucket.properties entries, the magic of Spring Boot will let you specify equivalent environment variables to apply their configuration.

For example, from the post you linked:

server.ssl.enabled=true
server.ssl.enabled-protocols=TLSv1.2

These can be set as environment variables, by substituting underscores for dots/dashes and using uppercase:

SERVER_SSL_ENABLED=true
SERVER_SSL_ENABLED_PROTOCOLS=TLSv1.2

Set that up in your environment / in your docker compose file and you should be all set!

You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.