Reputation: 323
I am running ColdFusion 9.0 Hotfix 3. I am trying to get a TLSv1.2 to work for cf_http tag. I started with an upgrade to Java 7 Update 80 and then Java 8 Update 25. Using Wireshark it looks like it is still connecting trying TLSv1.0 and the end point will only take TLSv1.2 From what I have read Java 7 and 8 support TLSv1.2, but doesn't seem to be a way to get Cold Fusion to use it. Any ideas?
Windows 2008 32bit
On a side note I know version 9 is old and I am working on upgrading to a new version, but this part came up and needs to be done before we planned to finish the upgrade and testing and upgrading breaks some of the site.
Upvotes: 4
Views: 1093
Reputation: 4475
I've been blogging about this for a couple years; ever since Authorize.net & PayPal announced SSL upgrades that weren't compatible w/ColdFusion 8 & 9. My workaround has been to use CFX_HTTP5 from Adiabata, Inc. This Windows C++ tag fixes all ColdFusion-related bugs in ColdFusion 3-11. It's "built on WinHttp 5.1 API - native Windows HTTP layer - and, therefore, supports all security and authentication protocols, regardless of whether ColdFusion supports them or not." It also faster and supports up to 64 concurrent/asynchronous requests and client-side certificates. It honors DNS TTL and doesn't require a reboot if a server you access has recently changed IPs. (CFHTTP DNS caching is either "never" or "forever".)
The other reasons I recommend using CFX_HTTP5 is that it 1) works, 2) provides more connection/request options and 3) ensures consistent functionality and behavior across all versions of ColdFusion; EOL and future.
Here's a very basic sample:
<CFX_HTTP5 METHOD="POST"
URL="https://apitest.authorize.net/xml/v1/request.api"
HEADERS="Content-Type: text/xml#Chr(13)##Chr(10)#"
BODY="#xmlString#"
OUT="RESULT">
<CFIF STATUS NEQ "OK">
<CFTHROW MESSAGE="#ERRN# #MSG#">
</CFIF>
<CFSET returnedXML = RESULT>
Upvotes: 5