We were getting similar error as well and tried to upgrade JRE. For most parts it was ok. However, I recalled that there was some gotchas during PDF generation (Can't remember the exact problem) And eventually we had to roll it back. If you do try, mind checking if any code running <cfdocument> is still smoothly.
P On Wednesday, 15 February 2017 11:42:59 UTC+11, Xiaofeng Liu wrote: > > Hi folks, > > I know this sounds crazy. A web service API we securely connect to is > going to disable TLS 1.0 and 1.1 due to the new SSL security standards. > > I got a CF9.0.2 box with update level /updates/chf9020001.jar applied. It > also got java home switched to JRE under JDK 1.7. So it used to work > without any issue until recently some changes made to the API testing > environment and I got javax.net.ssl.SSLHandshakeException error during > hand-shake. > > Tried following this article below to > set -Dhttps.protocols=TLSv1.2,TLSv1.1,TLSv1: > > > https://www.trunkful.com/index.cfm/2014/12/8/Preventing-SSLv3-Fallback-in-ColdFusion > > What I have also done is to import the whole chain of the API certificates > into the keystore under the java in use. > > However, just like the author of the above article mentioned, it can never > go beyond TLSv1 when I make connection to the API. > > jrpp-1, WRITE: TLSv1 Handshake, length = 186 > ........ > jrpp-1, received EOFException: error > jrpp-1, handling exception: javax.net.ssl.SSLHandshakeException: Remote > host closed connection during handshake > jrpp-1, SEND TLSv1 ALERT: fatal, description = handshake_failure > jrpp-1, WRITE: TLSv1 Alert, length = 2 > ........ > jrpp-1, IOException in getSession(): javax.net.ssl.SSLHandshakeException: > Remote host closed connection during handshake > > My understanding is CF9 has reached EOL and it does not officially support > JDK 1.8 so that does not seem to be an option either. > > So I would like to reach out to see if anybody ever got this working on > CF9 or the only option is to upgrade CF to 11? > > I appreciate any thoughts on this. > > -- > Thanks, > > Xiaofeng, > -- You received this message because you are subscribed to the Google Groups "cfaussie" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at https://groups.google.com/group/cfaussie. For more options, visit https://groups.google.com/d/optout.
