cfhttp in CF11 always sends TLSv1 when using client certificate

Forum|Forum|8 years ago
October 27, 2017
1 reply
413 views

We have our JVM (1.7) set to use TLS1.2 by default, and cfhttp correctly uses that setting, unless we use the clientcert attribute; when the clientcert attribute is used the ClientHello always sends TLSv1. Has anyone else encountered this behavior?

This topic has been closed for replies.

BKBK

Community Expert

This sounds eerily like a TLS issue that was discovered in Lucee. There it turned out that "TLSv1" had been hard-coded in the underlying Java library. So, to be on the safe side, you should report this as a bug. It might help to mention the Lucee link in your report.

jdunn_certainAuthor

Participant

Thank you BKBK, I have created issue CF-4200073.

CF-4200073

CF-4200073

Sign up

To post, reply, or follow discussions, please sign in with your Adobe ID.

Sign in to Adobe Community

To post, reply, or follow discussions, please sign in with your Adobe ID.

Scanning file for viruses.

This file cannot be downloaded