webdev314027918
Participating Frequently
March 23, 2018
Question

CF9.01 CFMAIL not encrypting TLS

  • March 23, 2018
  • 2 replies
  • 2667 views

Patched CF9.01 (save the judgement, it's what I have to support)

Java 1.7-80

Windows 2008 R2

IIS 7.5

SmarterMail 10.7

Server supports TLS 1.1, 1.2 and 1.3.

Typical settings for cfmail are: <cfmail from="#mailfrom#" to="#mailto#" server="mail.mydomain" useTLS="yes" port="2525" subject="Some Subject " type="html"> (Yes, port 2525 is the TLS SMTP port.)

Additionally, the server, use TLS and port are defined in CFAdministrator.

The Message-ID on the non-encrypted email lists a number, then .JavaMail.myservername@mail.mydomainname. Is there some JavaMail setting that needs to be changed? Or a property that needs to enable TLS?

Problem I'm trying to solve is the red padlock in Gmail that states "x did not encrypt this message".  I only get this when I send through CFMail, but NOT when I use the Smartermail webmail interface (sends TLS1.1) or through any other smtp client, such as Outlook (sends TLS1.1).

How can I get the CF9 Application Server to encrypt what it sends so I can get rid of the red padlock?

2 replies

webdev314027918
Participating Frequently
March 23, 2018

Charlie, you're absolutely right, what could it hurt? And I have that link you cited bookmarked and I re-read it EVERY time I've updated JAVA for 3 years!

So...I downloaded and installed Java 8, but had to revert back to 7.80 as the newer version DID break a lot of other things.

Thanks for the idea; I'll keep searching.
Sadie

Community Expert
March 24, 2018

If you're using Java 7, you might try adding this switch to your java.args in the JVM configuration screen in CF Administrator:

-Dhttps.protocols=TLSv1.1,TLSv1.2

Dave Watts, Fig Leaf Software

Dave Watts, Eidolon LLC
webdev314027918
Participating Frequently
March 24, 2018

Dave, thanks for that. I forgot to put that in my initial post...I do have that exact argument in the jvm.config file, but without any effect. (In an old post, https://goo.gl/HNuCkH on ColdFusion Muse, Mark Kruger had no luck with it either.) That's an old link, but then this is old software. Sigh.

Thank you again.

WolfShade
Legend
March 23, 2018

I'm just guessing, but I assume you probably need to update to a more recent version of Java. I've heard of a few problems similar to what you describe being fixed by updating Java. Something to do with TLS 1.1, if I remember correctly.

HTH,

^ _ ^

webdev314027918
Participating Frequently
March 23, 2018

@WolfShade, I appreciate the response.  Unfortunately, Java 7 is the latest major version supported by CF9.01, and ver 80 is the latest available in the 7 JDK I could download and install yesterday (since that was the version in 2015 when Oracle stopped posting updates to the public for that version).

I suspect it has to do with a repeated mantra I'm seeing about Java 7 (in the earlier versions) disabling TLS1.1 and TLS1.2 by default, whereas in the latest version, 131b (that I do not have access to), both are enabled by default. I've added the argument to enable them in the jvm.config file for ColdFusion, but even ColdFusion Muse has written about how that argument is ignored by CF.

I'll keep searching and testing and post back when I find it.  In the meantime, thoughts from any and all.

Sadie


Charlie Arehart
Community Expert
March 23, 2018

Sadie, just because Java 8 is not supported by CF9 doesn’t mean you can’t use it.

It’s a 5 min job to enable it and see if that fixes it for you (and a 1 minute job to revert back to the old, original JVM), including CF restarts each time. If it DOES solve it, then you can contemplate the bigger picture concerns of updating to Java 8 on CF9 (whether any OTHER code may fail, whether you need to import certificates into the NEW jvm), and so on.

If you DO decide to try to do the update, there are a dozen things you can do wrong that would turn this 5 minute job into a nightmare, leaving you thinking you need to reinstall CF. It need not be that way. See my blog post:

http://www.carehart.org/blog/client/index.cfm/2014/12/11/help_I_updated_CFs_JVM_and_it_wont_start

/charlie

/Charlie (troubleshooter, carehart.org)
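
One way to see which hop of a delivered message recorded TLS is to walk the Received headers of the message as it arrived at the recipient. This is an added example, not code from the thread; the host names, addresses and the sample message are constructed.

```python
import re
from email import message_from_string

# "with" keywords registered for TLS-protected hops (RFC 3848, RFC 6531).
TLS_PROTOCOLS = {"ESMTPS", "ESMTPSA", "LMTPS", "LMTPSA",
                 "UTF8SMTPS", "UTF8SMTPSA", "UTF8LMTPS", "UTF8LMTPSA"}
# Free-form TLS notes some MTAs add, e.g. "(version=TLS1_2 ...)" or "(using TLSv1.2 ...)".
TLS_COMMENT = re.compile(r"(?:version=|using\s+)TLS", re.I)

# Constructed sample (hypothetical hosts, documentation IP ranges); newest hop first.
SAMPLE = """\
Received: from mail.example.test (mail.example.test [203.0.113.10])
\tby mx.receiver.example with ESMTPS id r12abc
\t(version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256); Fri, 23 Mar 2018 10:00:02 -0700
Received: from appserver (appserver [192.0.2.5])
\tby mail.example.test with ESMTP id 42; Fri, 23 Mar 2018 10:00:01 -0700
From: sender@example.test
Subject: Some Subject

body
"""


def hops(raw_message):
    """Return the relay hops oldest-first as dicts: from, by, protocol, tls."""
    msg = message_from_string(raw_message)
    out = []
    for header in reversed(msg.get_all("Received", [])):
        text = " ".join(header.split())  # unfold continuation lines
        sender = re.search(r"\bfrom\s+(\S+)", text)
        receiver = re.search(r"\bby\s+(\S+)", text)
        protos = [p.upper().rstrip(";") for p in re.findall(r"\bwith\s+(\S+)", text)]
        out.append({
            "from": sender.group(1) if sender else None,
            "by": receiver.group(1) if receiver else None,
            "protocol": protos[0] if protos else None,
            "tls": any(p in TLS_PROTOCOLS for p in protos) or bool(TLS_COMMENT.search(text)),
        })
    return out


def plaintext_hops(raw_message):
    """Hops whose Received header carries no sign of TLS."""
    return [h for h in hops(raw_message) if not h["tls"]]


if __name__ == "__main__":
    for h in hops(SAMPLE):
        print(f'{h["from"]} -> {h["by"]} {h["protocol"]} tls={h["tls"]}')
```

A hop with no TLS marker is only a candidate: some servers do not record TLS in the header at all. Trust only the headers written by your own servers and the final recipient.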