does CPOP/CFIMAP use TLS 1.2 or above in CF2018?

Report · Nov 03, 2021

we have been using cfpop for years to open a mailbox and download attachment/headers.

it started failing last night.....

now exchange provider claims we are not using TLS 1.2

This is what we've been using

Other than CFIMAP or createObject("component", "pop").init() are there any other alternatives to open a mailbox and download headers/attachments?

Thanks

Paolo

Report · Nov 03, 2021

I don't think you have any real alternatives built into CF other than CFPOP/CFIMAP and their createObject equivalents. But CF 2018 comes with Java 11, which should automatically support TLS 1.2 without you having to do anything - in fact, it should prevent you from using older versions! So, I think your Exchange admin is wrong, or Exchange is giving the admin the wrong info, etc.

It's possible that your CF 2018 client doesn't support the ciphers required by the Exchange server. That also seems pretty unlikely to me, but it's possible that the Exchange cipher configuration was manually changed and that's causing the problem.

Solving this might be fairly difficult, but if you install Wireshark and use a standard IMAP client like Thunderbird, you should be able to check the network traffic directly and identify the protocol (TLS 1.2 or 1.3) and the supported ciphers. This might give you some info for the next step, seeing whether CF supports those ciphers.

Dave Watts, Eidolon LLC

Report · Nov 04, 2021

Hi,

the exchange provider confirmed that they dropped support for lower version of TLS like v1.0 and v1.1 and strictly are looking for TLS v1.2.
they go on to say that

"I notice online others have mentioned this issue when using Java lately and it might have to do with the following.
If java tries to connect to us using v1.0 or v1.1 we drop the connection and we do not role up to v1.2 we want the first attempt to be v1.2.
I am not Java proficient but possibly these might help.
System.setProperty("https.protocols", "TLSv1.2");
or
protocol.setProperty("https.protocols", "TLSv1.2");
I also read that when someone updated their mail-1.4.7.jar to mail-1.6.2.jar that seemed to help. "

I tried the above setProperty and it did not work.

Any suggestions?

Report · Nov 09, 2021

Try forcing TLS1.2 in your CF install's JVM arguments. Add these flags:

-Djdk.tls.client.protocols=TLSv1.2 
-Dhttps.protocols=TLSv1.2

Earlier this year we had a problem with CFHTTP failing to connect to an external vendor's API who had added support for TLS1.3, and setting those flags fixed it for us.

Report · Nov 10, 2021

Just run ColdFusion on the latest Java LTS verssion: JDK 11.0.13 or JDK 8u311.

That way you can be sure your application will avoid using TLS 1.0 or 1.1. That is because these TLS versions have been disabled in Java releases from JDK 11.0.11 and JDK 8u291 onwards.

Report · Jul 21, 2022

Hello Paolo, have you been able to solve this?

I am having a similar issue. We use CFIMAP and yesterday stopped working, having the CFTRY CATCH block throwing this error: Logon failure: unknown user name or bad password.

Credentials are good as I can connect to the webmail using the same credentials so I am trying to understand if this could be related to something that has changed in the Exchange server.

Thank you!

Report · Jul 23, 2022

Hi @Dani Szwarc

As I said earlier, TLS versions TLS 1.0 and 1.1 have been disabled in Java releases from JDK 11.0.11 and JDK 8u291 onwards. So you may have problems if any of the servers is on an older Java version.

Report · Jul 28, 2022

I just wanted to highlight that Dani started another question on this issue on the forum. If the POP/IMAP server is Microsoft Office 365 based, then it might be related to server chagnes that were made disabling BASIC authentication. Microsoft is making a strong push to get away from the simple authentication method.

I just wanted to make sure that if anyone ended up on this ticket that they are aware of this other discussion since it might be related. Look for the discussion on: "CFIMAP tag connecting to Exchange: Logon failure: unknown user name or bad password" I know I have started seeing issues with POP and Office365. That being said, the specific issue this user might be having might be unrelated, just wanted to note it.

Matt

Adobe Community

does CPOP/CFIMAP use TLS 1.2 or above in CF2018?