We have our JVM (1.7) set to use TLS1.2 by default, and cfhttp correctly uses that setting, unless we use the clientcert attribute; when the clientcert attribute is used the ClientHello always sends TLSv1. Has anyone else encountered this behavior?
This sounds eerily like a TLS issue that was discovered in Lucee. There it turned out that "TLSv1" had been hard-coded in the underlying Java library. So, to be on the safe side, you should report this as a bug. It might help to mention the Lucee link in your report.
2
Replies
AdChoices