Problem

When trying to create a Relying Party Trust at your AD FS server, you receive a "The request was aborted: Could not create SSL/TLS secure channel" error message.

Solution

We have seen this problem when the AD FS server and the Java connector of your Atlassian Data Center or Server product do not support a common TLS version.

To fix this issue, check which TLS versions your AD FS server supports and adjust the Tomcat configuration file (tomcat-config/server.xml) of your Atlassian product accordingly.


Using the Tomcat 8.5 configuration as an example (https://tomcat.apache.org/tomcat-8.5-doc/config/http.html#SSL_Support_-_SSLHostConfig), you can enable all TLS protocols with the parameters below:

sslProtocol="TLS"
sslEnabledProtocols="all"

An example of such a Java connector would be:

<!-- Define an SSL Coyote HTTP/1.1 Connector on port 8443 -->
<Connector
    protocol="org.apache.coyote.http11.Http11NioProtocol"
    port="8443" maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
    enableLookups="false" disableUploadTimeout="true"
    acceptCount="100"
    scheme="https" secure="true" SSLEnabled="true"
    keystoreFile="${user.home}/.keystore" keystorePass="changeit"
    clientAuth="false" sslProtocol="TLS" sslEnabledProtocols="all"/>
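To check both sides of the mismatch described above, here is an added Python example (not from this article, Atlassian or Tomcat): it expands the sslEnabledProtocols or nested SSLHostConfig protocols value of each SSL-enabled Connector in server.xml into the concrete TLS versions Tomcat will offer, flags deprecated ones, and can probe a host such as the AD FS server to see which versions it actually negotiates. The expansion of "all" follows the Tomcat 8.5 documentation; the sample server.xml fragment is constructed from this article's connector.

```python
import re
import socket
import ssl
import xml.etree.ElementTree as ET

# Tomcat 8.5 documents "all" as an alias for this list (TLSv1.3 only on Java 11+).
ALL_PROTOCOLS = {"SSLv2Hello", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"}
LEGACY = {"SSLv2Hello", "SSLv3", "TLSv1", "TLSv1.1"}  # broken or deprecated versions

def effective_protocols(raw):
    """Expand a Tomcat protocols value such as "all", "TLSv1.2,TLSv1.3" or "all,-TLSv1"."""
    enabled = set()
    for tok in (t for t in re.split(r"[,\s]+", raw) if t):
        names = ALL_PROTOCOLS if tok.lstrip("+-").lower() == "all" else {tok.lstrip("+-")}
        enabled = enabled - names if tok.startswith("-") else enabled | names
    return enabled

def audit_server_xml(xml_text):
    """Return {port: {"enabled": set, "legacy": set}} for every SSL-enabled <Connector>."""
    findings = {}
    for conn in ET.fromstring(xml_text).iter("Connector"):
        if conn.get("SSLEnabled", "false").lower() != "true":
            continue
        raw = conn.get("sslEnabledProtocols", "all")  # Tomcat's own default is "all"
        host_cfg = conn.find("SSLHostConfig")          # nested form overrides the attribute
        if host_cfg is not None:
            raw = host_cfg.get("protocols", raw)
        enabled = effective_protocols(raw)
        findings[conn.get("port")] = {"enabled": enabled, "legacy": enabled & LEGACY}
    return findings

def probe_tls_versions(host, port=443, timeout=5):
    """Attempt one handshake per TLS version and report which ones the peer accepts."""
    results = {}
    for name in ("TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"):
        try:
            ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
            ctx.check_hostname, ctx.verify_mode = False, ssl.CERT_NONE  # version check only
            ctx.minimum_version = ctx.maximum_version = ssl.TLSVersion[name.replace(".", "_")]
            with socket.create_connection((host, port), timeout=timeout) as sock:
                with ctx.wrap_socket(sock, server_hostname=host) as tls:
                    results[name] = tls.version() == name
        except (ssl.SSLError, OSError, ValueError):
            results[name] = False  # refused by the peer, or not available in local OpenSSL
    return results

SAMPLE_SERVER_XML = """<Service name="Catalina"><Connector port="8443"
    protocol="org.apache.coyote.http11.Http11NioProtocol" scheme="https" secure="true"
    SSLEnabled="true" clientAuth="false" sslProtocol="TLS" sslEnabledProtocols="all"/></Service>"""  # constructed sample
```

Running the audit on the article's connector reports TLSv1 and TLSv1.1 as enabled alongside TLSv1.2 and TLSv1.3, because "all" also turns on the deprecated versions; once the probe shows which versions the AD FS server accepts, listing only the shared modern ones (for example sslEnabledProtocols="TLSv1.2,TLSv1.3") resolves the mismatch without exposing the connector to legacy protocols.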