Troubleshooting SSL
SSL issues in TFS4JIRA may be tricky to troubleshoot. This article aims to help support engineers with the initial problem assessment and potential solutions.
General network issues
- Is the customer able to access the Jira instance from the server where the Synchronizer is running?
- Is the Synchronizer server's clock set to UTC?
- Does the customer have any load balancers or proxies between the Synchronizer's server and Jira?
- In case they do, they will need to add the LB/proxy IP address to the web.config file (just before the system.web tag):
<system.net> <defaultProxy useDefaultCredentials="true"> <proxy proxyaddress="http://IP_ADDRESS_OF_YOUR_PROXY" bypassonlocal="true" /> </defaultProxy> </system.net>
- In case they do, they will need to add the LB/proxy IP address to the web.config file (just before the system.web tag):
Intermediate certificates
Sometimes the problem is caused because the machine or VM where the Synchronizer is running is not trusting the corporate security certificate. Ask the customer whether there were any recent changes to the corporate certificate, and make sure they check the following article as well:
Strong encryption
The problem can also be caused if the server is configured to allow .NET applications to use ciphers different than TLS 1.2. The customer can update the registry file to force those applications to use TLS 1.2:
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319] "SchUseStrongCrypto"=dword:00000001 [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v4.0.30319] "SchUseStrongCrypto"=dword:00000001