Bitbucket Cloud has announced a security update to its Transport Layer Security (TLS) configuration, effective July 15, 2024. The update removes support for certain outdated cipher suites, ensuring stronger encryption for HTTPS connections and overall improved platform security.
- Bitbucket ends support for weak TLS cipher suites from July 15, 2024.
- Users must upgrade browsers, Git clients, and CI/CD tools accordingly.
- Change aligns Bitbucket security with broader Atlassian Cloud standards.
What happened
On July 15, 2024, Bitbucket Cloud will update its Transport Layer Security (TLS) settings to disable weaker cipher suites that no longer meet modern security standards. This change affects all HTTPS traffic to Bitbucket, including connections from browsers, Git clients, continuous integration and deployment (CI/CD) systems, APIs, and other linked services.
The update is a proactive security measure rather than a response to any breach or specific issue. Atlassian aims to provide best-in-class security for all its cloud products by ensuring encryption protocols are robust and in line with current best practices.
Why it matters
Disabling support for outdated cipher suites helps prevent potential vulnerabilities that can be exploited by cyber attackers. By enforcing stronger encryption standards, Bitbucket enhances the security of user data, code repositories, and development workflows.
Users need to verify and upgrade their relevant software and systems to support the approved cipher suites. Failure to do so may result in connection failures or interruptions to service. This change also reflects Atlassian’s commitment to maintaining compliance with evolving industry security requirements.
What to watch next
Teams and individual users should audit all tools and environments that connect to Bitbucket to confirm compatibility with the updated TLS configuration. Atlassian will contact specific users based on usage logs if any outdated clients or systems are detected.
Additionally, Bitbucket is gradually migrating to new IP addresses for bitbucket.org starting in August 2023, with completion expected by the end of October 2024. Users should monitor further communications from Atlassian to stay informed about these infrastructure changes and any required actions.