服务器和JRE设置为TLS 1.2,但Coldfusion 9仍尝试使用TLS 1.0 [英] Server and JRE are set to TLS 1.2 but Coldfusion 9 still trying to use TLS 1.0
问题描述
我不确定100%发生了什么,但是我们有一个Coldfusion 9服务器可以连接到网络服务。 Web服务进行了更改,仅允许通过TLS 1.2进行连接。我们认为可以,因为我们将服务器设置为仅使用TLS 1.2,并且将JRE(1.7)设置为使用tls 1.2。但是,在Coldfusion Administrator-> Web服务中,当我尝试刷新Web服务连接时,它仍然尝试通过TLS 1.0(使用wireshark确认)进行连接。
I'm not 100% sure what's going on however we have a Coldfusion 9 server that connects to a web service. the web service has made the changes to only allow connections via TLS 1.2. We thought we were ok because we set the server to only use TLS 1.2 and we set the JRE (1.7) to use tls 1.2. However in the Coldfusion Administrator -> Web services when I try to refresh the web service connection it still tries to connect via TLS 1.0 (confirmed using wireshark). Anyone that is well versed in coldfusion configuration able to point me in the right direction to understand why this is happening?
谢谢
编辑:
推荐答案
跟随 Miguel-F的链接和其他一些链接,我发现CF 9将忽略每个JDK 7版本的 -Dhttps.protocols = TLSv1.2 JDK 7u171 b31 ,然后 JDK 7u181 启用 TLSv1.2 默认情况下(就像 JDK 8 一样)。
Following Miguel-F's link and a few others, I discovered that CF 9 will ignore -Dhttps.protocols=TLSv1.2 for every version of JDK 7 until JDK 7u171 b31, but then JDK 7u181 enables TLSv1.2 by default (just like JDK 8).
唯一的障碍是,任何超过7u80的JDK都必须由Oracle付费支持。我设法找到可以访问的人,并且使用PayPal的TLS测试网站对其进行了很好的测试:
The only hurdle is that any JDK past 7u80 is behind an Oracle paid support wall. I managed to find someone with access and it tested just fine using PayPal's TLS Test site:
< cfhttp url = https:// tlstest .paypal.com / result = test>
< cfdump var =#test# >
这会在TLSv1.2时返回带有 PayPal_Connection_OK 的CFHTTP转储使用连接。
This returns a CFHTTP dump with PayPal_Connection_OK when a TLSv1.2 connection is used.
JDK 8u172也可以与带有所有热修复程序的CF 9.0.2一起使用,但是我宁愿冒险将回归测试跳到下一个主要版本。
JDK 8u172 will also work with CF 9.0.2 w/ all hot fixes, but I'd rather not risk the regression testing jumping to the next major version.
这篇关于服务器和JRE设置为TLS 1.2,但Coldfusion 9仍尝试使用TLS 1.0的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
