Enable TLSv1.2 in Coldfusion

I am currently looking for a way to enable TLSv1.1 and TLSv1.2, but not TLSv1(.0), in the Java JRE. I am running the Java 7 JRE.

The administrators decided that TLSv1 is no longer secure enough, and since the problems / exploits with SSL2 / SSL3, I have to use TLSv1.1 or TLSv1.2.

I followed several suggestions, like http.protocol = TLSv1.2, which didn't work, and SSLContext.getInstance("TLSv1.2"). However, since the calls are made from ColdFusion, I cannot find a way to use the getInstance or setEnabledProtocols methods, as I have no access to the Java backend called by the cfobject / cfinvoke methods.

I tried to set these as the default using the Java Control Panel; however, these options don't seem to be used outside of applets.

Please let me know if I am missing anything. I'm sure I can write a Java project to handle this if that's not possible, but I would like to exhaust all possible solutions first.

Thanks

+3

2 answers


The solution was to replace Java 7 with Java 8. Java 8 has the required protocols, and they are enabled by default.

0

Try adding this switch to your Java arguments in /runtime/bin/jvm.config (the location of this file may differ depending on your CF installation type).

-Djavax.net.debug=all

Then check the output log (cfusion-out.log in runtime/logs on a standard installation) for information on every (outbound) handshake it does. You will probably see some clues and be able to determine which TLS protocol / layer is being negotiated for SSL connections from the server. This link to TLS diagnostics also has some useful tidbits, though you'll have to figure out how they carry over to ColdFusion.

Note that the CPL for Java is useless here. The JVM starts up with its own config file that details what it may and may not support. The CPL sets up the standard INI files that are used by the Java client (desktop application), but CF is running as a service instance and will not use this information. I'm not even sure where it is stored :)

+1
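The second answer describes a two-step procedure (add a switch to java.args in jvm.config, then read the handshake details out of cfusion-out.log) but leaves both the switch that actually restricts the protocols and the log reading to the reader. The script below is an added example, not code from either answer or from Adobe. It adds the JSSE client-side system properties https.protocols (enabled protocols for HttpsURLConnection) and jdk.tls.client.protocols (enabled protocols for the default SSLContext, honoured by Java 8 and late Java 7 updates) alongside a narrower javax.net.debug=ssl:handshake, then extracts the version from each "*** ServerHello" line, since the server's choice is what the connection really used. The jvm.config line, the log lines, the file locations and the demo paths are constructed assumptions, not taken from a real ColdFusion install.

```shell
#!/bin/sh
# Added example, not code from either answer above. Two helpers for the
# procedure the answers describe: (1) put the JSSE client-side system
# properties that pin outbound connections to TLSv1.1/TLSv1.2 into the
# java.args line of a ColdFusion jvm.config, and (2) read back from the
# javax.net.debug output which protocol each handshake really negotiated.
# The jvm.config contents and log lines below are constructed samples; the
# file locations are assumptions about a standard CF install.

# https.protocols          -> enabled protocols for HttpsURLConnection clients.
# jdk.tls.client.protocols -> enabled protocols for the default SSLContext
#                             (honoured by Java 8 and late Java 7 updates).
# ssl:handshake is far less noisy than "all" and still logs every ServerHello.
TLS_ARGS='-Dhttps.protocols=TLSv1.1,TLSv1.2 -Djdk.tls.client.protocols=TLSv1.1,TLSv1.2 -Djavax.net.debug=ssl:handshake'

# Append TLS_ARGS to the java.args= line of the given jvm.config, exactly
# once, and print the resulting java.args line. Re-running is a no-op.
set_jvm_tls_args() {
    cfg="$1"
    if ! grep -q -- '-Djdk.tls.client.protocols=' "$cfg"; then
        tmp="$cfg.tmp"
        sed "s|^java.args=\(.*\)$|java.args=\1 $TLS_ARGS|" "$cfg" > "$tmp" \
            && mv "$tmp" "$cfg"
    fi
    grep '^java.args=' "$cfg"
}

# Print the protocol version carried by every "*** ServerHello, <version>"
# line in a JSSE debug log. The server picks the version, so this is the
# protocol the connection actually used, not merely what the client offered.
negotiated_protocols() {
    sed -n 's/^\*\*\* ServerHello, \([A-Za-z0-9.]*\).*/\1/p' "$1"
}

# Number of handshakes that still ended up below TLSv1.1 (prints 0 if none).
weak_handshakes() {
    negotiated_protocols "$1" | grep -c -v '^TLSv1\.[12]$' || true
}

# --- demo on constructed files (assumed layout, not a real CF install) ----
demo="${TMPDIR:-/tmp}/cf-tls-demo.$$"
mkdir -p "$demo"
cat > "$demo/jvm.config" <<'EOF'
java.home=/opt/coldfusion/jre
java.args=-server -Xms256m -Xmx1024m -Dcoldfusion.home={application.home}
EOF
set_jvm_tls_args "$demo/jvm.config"

# Two outbound handshakes as JSSE logs them; the first still fell back to TLSv1.
cat > "$demo/cfusion-out.log" <<'EOF'
*** ClientHello, TLSv1
*** ServerHello, TLSv1
*** ClientHello, TLSv1.2
*** ServerHello, TLSv1.2
EOF
negotiated_protocols "$demo/cfusion-out.log"
echo "handshakes below TLSv1.1: $(weak_handshakes "$demo/cfusion-out.log")"
rm -rf "$demo"
```

Restart the ColdFusion service after editing jvm.config, and drop the javax.net.debug switch again once the log shows only TLSv1.1/TLSv1.2 ServerHellos: handshake logging on a busy server fills cfusion-out.log quickly. These properties only govern connections the JVM makes as a client; disabling TLSv1 for inbound connections is a separate setting (jdk.tls.disabledAlgorithms in the JRE's java.security) that this example does not touch.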