I'm not 100% sure what's going on however we have a Coldfusion 9 server that connects to a web service. the web service has made the changes to only allow connections via TLS 1.2. We thought we were ok because we set the server to only use TLS 1.2 and we set the JRE (1.7) to use tls 1.2. However in the Coldfusion Administrator -> Web services when I try to refresh the web service connection it still tries to connect via TLS 1.0 (confirmed using wireshark). Anyone that is well versed in coldfusion configuration able to point me in the right direction to understand why this is happening?
Thank you
Edit:
Following Miguel-F's link and a few others, I discovered that CF 9 will ignore
-Dhttps.protocols=TLSv1.2
for every version of JDK 7 untilJDK 7u171 b31
, but thenJDK 7u181
enablesTLSv1.2
by default (just likeJDK 8
).The only hurdle is that any JDK past 7u80 is behind an Oracle paid support wall. I managed to find someone with access and it tested just fine using PayPal's TLS Test site:
<cfhttp url="https://tlstest.paypal.com/" result="test">
<cfdump var="#test#">
This returns a CFHTTP dump with
PayPal_Connection_OK
when a TLSv1.2 connection is used.JDK 8u172 will also work with CF 9.0.2 w/ all hot fixes, but I'd rather not risk the regression testing jumping to the next major version.
Upgrade your JDK/JRE to use 1.8 and that will solve this problem.
For basic instructions, read my answer on this question:
How to add TLS 1.2 in cfhttp tag in ColdFusion 10
The CF9 server that I support is running on Server JRE 1.8u172.
Very late answer, but you can't go wrong using cfx_http5. Better than cfhttp in every way.