Copy link to clipboard
Copied
Is it possible to use TLSv 1.1 on Coldfusion MX 6.1? If so how can I do it?
Any help would be appreciated.
Thanks,
Joe Klovance
Copy link to clipboard
Copied
TLS will depend on the underlying operating system as well. You will need Windows 7 / 2008 R2 to have it available.
v1.1 is available from Java 1.8 on CF10 and 1.7 on CF 11.
So no is the answer
Copy link to clipboard
Copied
TLS 1.1 is also available on JRE 1.6.0_111. I am also talking a linux install not Windows.
Copy link to clipboard
Copied
I hate to be the party pooper, here, but unless your CF installation is strictly intranet (ie, not public-facing), then you want to seriously consider upgrading to AT LEAST CF10.
MX6 is so old that not only are you missing out on some nice features but you're also gambling with your site/app security. While the *nix platform will help with that, a public-facing MX6 install (really anything less than CF10) could be more vulnerable to malicious activities. Even if you use USG DoD security measures.
Just a thought.
V/r,
^_^
Copy link to clipboard
Copied
Update to 1.6 if you can manage it but as far as Im aware its not supported.
Copy link to clipboard
Copied
It's not... and even if you do update ColdFusion 6, 7, 8 or 9 to the highest Java version and CF patch, it's pretty difficult (or impossible) to force ColdFusion/Java to use newer versions of TLS during the handshake. For example, We were able to configure a higher TLS version in Java, but ColdFusion 9 still automatically used the lowest compatible protocol.
You may want to use CFExecute and use CURL. It also has newer features than CFMX6's CFHTTP and is available for every OS/platform.
Copy link to clipboard
Copied
I noted that you stated you were using Linix, not Windows... but for anyone that visits this post using Windows and ColdFusion 3.1, 4.5, 5, 6, 7, 8, 9, 10, 11 or 2016, I recommending using Abiadata's CFX_HTTP.
FYI: Authorize.Net plans to disable TLS 1.0 and TLS 1.1 by September 18, 2017. This will cause problems for anyone running ColdFusion 3-9 (and potentially CF10.) CFX_HTTP5 has a feature that enables you specify which protocols to use. (We use SSL="5" to force all HTTP Posts to to use TLS1.2.)
Copy link to clipboard
Copied
Movak wrote
Is it possible to use TLSv 1.1 on Coldfusion MX 6.1?
You can answer the question yourself. The earliest version of Java to support TLS 1.1 is 1.6.0_111. So, can you get your Coldfusion MX 6.1 installation to run on Java 1.6.0_111?
Copy link to clipboard
Copied
I worked it out. I had to do the following;
The only problem now is that the script file hangs around. I have tried to use CFFILE action="delete" but I get no errors but the file stays. The file name is the same as when I write the script.
Copy link to clipboard
Copied
ColdFusion likes to maintain locks on files for some weird reason. I used to encounter the same problem when manipulating image files.
Make sure you add a UUID to the filname creating the temporary BAT file. Execute it from a non-publicly accessible temp directory and then schedule another script to delete old files.