Hi Peter, thanks for the heads up. Mostly we r planning to migrate to Lucee.
On 24 Feb 2017 7:46 am, "Peter Pham" <vdung.pe...@gmail.com> wrote: > We were getting similar error as well and tried to upgrade JRE. > For most parts it was ok. However, I recalled that there was some gotchas > during PDF generation (Can't remember the exact problem) > And eventually we had to roll it back. > If you do try, mind checking if any code running <cfdocument> is still > smoothly. > > P > > > On Wednesday, 15 February 2017 11:42:59 UTC+11, Xiaofeng Liu wrote: >> >> Hi folks, >> >> I know this sounds crazy. A web service API we securely connect to is >> going to disable TLS 1.0 and 1.1 due to the new SSL security standards. >> >> I got a CF9.0.2 box with update level /updates/chf9020001.jar applied. >> It also got java home switched to JRE under JDK 1.7. So it used to work >> without any issue until recently some changes made to the API testing >> environment and I got javax.net.ssl.SSLHandshakeException error during >> hand-shake. >> >> Tried following this article below to set -Dhttps.protocols=TLSv1.2, >> TLSv1.1,TLSv1: >> >> https://www.trunkful.com/index.cfm/2014/12/8/Preventing- >> SSLv3-Fallback-in-ColdFusion >> >> What I have also done is to import the whole chain of the API >> certificates into the keystore under the java in use. >> >> However, just like the author of the above article mentioned, it can >> never go beyond TLSv1 when I make connection to the API. >> >> jrpp-1, WRITE: TLSv1 Handshake, length = 186 >> ........ >> jrpp-1, received EOFException: error >> jrpp-1, handling exception: javax.net.ssl.SSLHandshakeException: Remote >> host closed connection during handshake >> jrpp-1, SEND TLSv1 ALERT: fatal, description = handshake_failure >> jrpp-1, WRITE: TLSv1 Alert, length = 2 >> ........ >> jrpp-1, IOException in getSession(): javax.net.ssl.SSLHandshakeException: >> Remote host closed connection during handshake >> >> My understanding is CF9 has reached EOL and it does not officially >> support JDK 1.8 so that does not seem to be an option either. >> >> So I would like to reach out to see if anybody ever got this working on >> CF9 or the only option is to upgrade CF to 11? >> >> I appreciate any thoughts on this. >> >> -- >> Thanks, >> >> Xiaofeng, >> > -- > You received this message because you are subscribed to the Google Groups > "cfaussie" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to cfaussie+unsubscr...@googlegroups.com. > To post to this group, send email to cfaussie@googlegroups.com. > Visit this group at https://groups.google.com/group/cfaussie. > For more options, visit https://groups.google.com/d/optout. > -- You received this message because you are subscribed to the Google Groups "cfaussie" group. To unsubscribe from this group and stop receiving emails from it, send an email to cfaussie+unsubscr...@googlegroups.com. To post to this group, send email to cfaussie@googlegroups.com. Visit this group at https://groups.google.com/group/cfaussie. For more options, visit https://groups.google.com/d/optout.
