I was able to communicate with their server using TLSv1: ================================================================= jordan@jordan-M61P-S3:~$ curl -v --tlsv1.0 https://orbital1.paymentech.net/ * Hostname was NOT found in DNS cache * Trying 65.124.118.70... * Connected to orbital1.paymentech.net (65.124.118.70) port 443 (#0) * successfully set certificate verify locations: * CAfile: none CApath: /etc/ssl/certs * SSLv3, TLS handshake, Client hello (1): * SSLv3, TLS handshake, Server hello (2): * SSLv3, TLS handshake, CERT (11): * SSLv3, TLS handshake, Server key exchange (12): * SSLv3, TLS handshake, Server finished (14): * SSLv3, TLS handshake, Client key exchange (16): * SSLv3, TLS change cipher, Client hello (1): * SSLv3, TLS handshake, Finished (20): * SSLv3, TLS change cipher, Client hello (1): * SSLv3, TLS handshake, Finished (20): * SSL connection using ECDHE-RSA-AES256-SHA * Server certificate: * subject: C=US; ST=New York; L=New York; O=Chase Paymentech Solutions; OU=Enterprise Web Architecture; CN=orbital1.paymentech.net * start date: 2014-07-03 00:00:00 GMT * expire date: 2015-07-04 23:59:59 GMT * subjectAltName: orbital1.paymentech.net matched * issuer: C=US; O=VeriSign, Inc.; OU=VeriSign Trust Network; OU=Terms of use at https://www.verisign.com/rpa (c)10; CN=VeriSign Class 3 International Server CA - G3 * SSL certificate verify ok.
================================================================= TLSv1 is supposedly supported even in CF6, so you should be alright in CF9. I would try re-importing their public KEY and CA into your keystore. Perhaps the key you're using is just too old. Warm Regards, Jordan Michaels Vivio Technologies On 10/30/2014 04:17 PM, .jonah wrote: > > What's preventing it from negotiating to an earlier version of SSL? > Settings in the keystore? > > > On 10/30/14, 3:36 PM, Michael Grant wrote: >> I have a legacy app on CF9 (originally CF7) which uses CFHTTP to make a >> secure connection to Chase Paymentech's Orbital payment gateway. I have the >> SSL's installed into the Java keystore like I'm supposed to and for about 7 >> years this app has been working as expected. >> >> Fast forward to a few days ago and my host disabled SSLv3, as the world has >> been instructed to do to thwart the POODLE vulnerability. The moment they >> did that my app no longer can process transactions. I get the classic >> "COM.Allaire.ColdFusion.HTTPFailure" type error with the message "Connection >> Failure: Status code unavailable". This isn't the typical message of when >> you don't have the cert installed where it says peer could not be >> authenticated. >> >> According to tech support it's only with CF that disabling SSLv3 stops >> communication. Apparently others don't have this issue. >> >> Does anyone know of a work around? I'm not sure if CF9 is the problem or CF >> as a whole. Would upgrading to CF10 help? I'm in a real bind here as the >> client hasn't been able to process ecommerce transactions for a few days now. >> >> Any help is appreciated. >> >> Here's the cfhttp code: >> >> <cfhttp url="https://orbital1.paymentech.net" method="post" >> throwonerror="yes" port="443"> >> <cfhttpparam type="body" value="#transInfo#"><!--- XML request >> var---> >> <cfhttpparam type="header" name="MIME-Version" >> value="1.0"> >> <cfhttpparam type="header" name="Content-type" >> value="application/PTI43"> >> <cfhttpparam type="header" name="Content-length" >> value="#Len(Trim(transInfo))#"> >> <cfhttpparam type="header" name="Content-transfer-encoding" >> value="text"> >> <cfhttpparam type="header" name="Request-number" value="1"> >> <cfhttpparam type="header" name="Document-type" >> value="Request"> >> <cfhttpparam type="header" name="Merchant-id" >> value="#merchantID#"> >> <cfhttpparam type="header" name="Interface-Version" >> value="2.2.0"> >> <cfhttpparam type="header" name="Accept" >> value="application/xml"> >> </cfhttp> >> >> >> > > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:359543 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm