Server and Agent Compatibility

Not all combinations of server version and agent version are supported. This is because of an ectool/Perl API communication incompatibility as well as a Diffie-Hellman key size incompatibility.

Diffie-Hellman Key Size Incompatibility

To enable the CloudBees Flow server versions 7.0 or newer to configure Diffie-Hellman cipher suites properly, CloudBees Flow uses OpenSSL-1.0.1T or newer versions with SSLv2 enabled. Because of OpenSSL and JRE changes, the minimum Diffie-Hellman key size requirement is increased to 1024 bits (from 768 bits) as of version 7.0.

Server versions 7.0 or newer use Jetty (a Java HTTP server), which listens on the 8000 (unsecure) and 8443 (secure) ports. Server versions 7.0 or newer use Java 1.8.0_66, in which the ephemeral DH key size defaults to 1024 bits during SSL/TLS handshaking in the SunJSSE provider.

For details on the increase of the key size requirement as of Java 1.6-u101, see the Java release note at https://www.oracle.com/technetwork/java/javase/overview-156328.html#6u101-b31. For details as of Java 1.7-u85, see the Java release note at https://www.oracle.com/technetwork/java/javase/7u85-relnotes-2587591.html.

Because their minimum key size is 1024 bits, agent versions 7.0 or newer can connect only to:

  • Server versions 5.4, 6.0.1, or 6.5 or higher via ectool

  • External applications that require SSL with a minimum key size of 1024 bits

However, CloudBees Flow Automation Platform agents of versions 5.0.6, 5.3, or 5.4 and CloudBees Flow agent versions 6.0.1 or 6.5 or newer can connect to all CloudBees Flow server versions (including 7.0 or newer) via ectool and ec-perl.

CloudBees Flow Automation Platform server versions 5.0.6 or 5.3 or newer can run jobs using all agent versions (including 7.0 or newer). CloudBees Flow server versions 7.0 or newer can run jobs using CloudBees Flow Automation Platform agent versions 5.0.6 or 5.3 or newer.