TLS version supported by Jenkins core

Issue

When setting up Jenkins® to operate over TLS, which versions of the protocol are supported?

Environment

CloudBees CI on traditional platforms - operations center
CloudBees CI on traditional platforms - client controller
Jenkins®

Resolution

Since Jenkins 2.61 and 2.73.1, the Jetty version used in Jenkins doesn’t support versions 1.0 or 1.1 of the TLS protocol. Because of this, any reverse proxy not supporting the version 1.2 will make your instance unreachable. You will still be able to reach the instance by bypassing the reverse proxy.

There are two solutions for this problem:

upgrade your reverse proxy to support the version 1.2 of TLS protocol,
use HAProxy or another reverse proxy to serve the TLS encryption and let Jenkins serve an un-encrypted protocol,

This article is part of our Knowledge Base and is provided for guidance-based purposes only. The solutions or workarounds described here are not officially supported by CloudBees and may not be applicable in all environments. Use at your own discretion, and test changes in a safe environment before applying them to production systems.