Error 502 after disabling TLS 1.0/1.1
Hello.
We have Teamcity version 2020.1.5 (build 78938), installed on windows 2016 server. After disabling TLS 1.0 and 1.1 I get error 502 when trying to access to the web-interface. Enabling TLS 1.0 and 1.1 back is fixing this problem but I need TLS 1.2 to be used. I can't find anything about supporting versions of TLS or how to enable/disable different versions except some topics concerning SMTP. So, do I need to do something special to enable TLS 1.2 or Teamcity support it just out of the box?
Please sign in to leave a comment.
TeamCity does not enforce or restrict TLS versions, they are managed by the jvm version you are using, so the most likely cause for the issue is that you are either using an old JDK/JRE or some additional service is trying to use it and fails. Newer versions of the JRE (11.0.11 and beyond) have disabled TLS 1.0 and 1.1 by default and work completely fine with teamcity. TeamCity should also not respond with 502, as that's a proxy based error. It seems your proxy is trying to forward the connections to and from teamcity and something is failing in the process. It might be due to teamcity, but with just the "502" description, we can only point that fact out.
If you want to look for more information, the proxy logs and teamcity-server.log will probably have more details about the errors.