ColdFusion 9.0.0 TLSv1.2

Question

I am running ColdFusion 9.0 Hotfix 3. I am trying to get a TLSv1.2 to work for cf_http tag. I started with an upgrade to Java 7 Update 80 and then Java 8 Update 25. Using Wireshark it looks like it is still connecting trying TLSv1.0 and the end point will only take TLSv1.2 From what I have read Java 7 and 8 support TLSv1.2, but doesn't seem to be a way to get Cold Fusion to use it. Any ideas?

Windows 2008 32bit

On a side note I know version 9 is old and I am working on upgrading to a new version, but this part came up and needs to be done before we planned to finish the upgrade and testing and upgrading breaks some of the site.

Answer 1

I've been blogging about this for a couple years; ever since Authorize.net & PayPal announced SSL upgrades that weren't compatible w/ColdFusion 8 & 9. My workaround has been to use CFX_HTTP5 from Adiabata, Inc. This Windows C++ tag fixes all ColdFusion-related bugs in ColdFusion 3-11. It's "built on WinHttp 5.1 API - native Windows HTTP layer - and, therefore, supports all security and authentication protocols, regardless of whether ColdFusion supports them or not." It also faster and supports up to 64 concurrent/asynchronous requests and client-side certificates. It honors DNS TTL and doesn't require a reboot if a server you access has recently changed IPs. (CFHTTP DNS caching is either "never" or "forever".)

The other reasons I recommend using CFX_HTTP5 is that it 1) works, 2) provides more connection/request options and 3) ensures consistent functionality and behavior across all versions of ColdFusion; EOL and future.

Here's a very basic sample:

<CFX_HTTP5 METHOD="POST"
    URL="https://apitest.authorize.net/xml/v1/request.api"
    HEADERS="Content-Type: text/xml#Chr(13)##Chr(10)#"
    BODY="#xmlString#"
    OUT="RESULT">

<CFIF STATUS NEQ "OK">
    <CFTHROW MESSAGE="#ERRN# #MSG#">
</CFIF>

<CFSET returnedXML = RESULT>