Hi folks, I know this sounds crazy. A web service API we securely connect to is going to disable TLS 1.0 and 1.1 due to the new SSL security standards.
I got a CF9.0.2 box with update level /updates/chf9020001.jar applied. It also got java home switched to JRE under JDK 1.7. So it used to work without any issue until recently some changes made to the API testing environment and I got javax.net.ssl.SSLHandshakeException error during hand-shake. Tried following this article below to set -Dhttps.protocols=TLSv1.2,TLSv1.1,TLSv1: https://www.trunkful.com/index.cfm/2014/12/8/Preventing-SSLv3-Fallback-in-ColdFusion What I have also done is to import the whole chain of the API certificates into the keystore under the java in use. However, just like the author of the above article mentioned, it can never go beyond TLSv1 when I make connection to the API. jrpp-1, WRITE: TLSv1 Handshake, length = 186 ........ jrpp-1, received EOFException: error jrpp-1, handling exception: javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake jrpp-1, SEND TLSv1 ALERT: fatal, description = handshake_failure jrpp-1, WRITE: TLSv1 Alert, length = 2 ........ jrpp-1, IOException in getSession(): javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake My understanding is CF9 has reached EOL and it does not officially support JDK 1.8 so that does not seem to be an option either. So I would like to reach out to see if anybody ever got this working on CF9 or the only option is to upgrade CF to 11? I appreciate any thoughts on this. -- Thanks, Xiaofeng, -- You received this message because you are subscribed to the Google Groups "cfaussie" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at https://groups.google.com/group/cfaussie. For more options, visit https://groups.google.com/d/optout.
