Participating Frequently
November 3, 2021
Question

Does CFPOP/CFIMAP use TLS 1.2 or above in CF2018?


We have been using cfpop for years to open a mailbox and download attachment/headers.

It started failing last night...

Now the Exchange provider claims we are not using TLS 1.2.

This is what we've been using:

<cfpop
server = "*.*.*.*"
username = "*****@*****" password = "*******!"
action = "getAll"
name = "qheader"
secure="yes">

 

Other than CFIMAP or createObject("component", "pop").init(), are there any other alternatives to open a mailbox and download headers/attachments?

 

Thanks 

Paolo

 

    This topic has been closed for replies.

    3 replies

    Dani Szwarc
    Inspiring
    July 21, 2022

    Hello Paolo, have you been able to solve this?

    I am having a similar issue. We use CFIMAP and yesterday stopped working, having the CFTRY CATCH block throwing this error: Logon failure: unknown user name or bad password.

    Credentials are good as I can connect to the webmail using the same credentials so I am trying to understand if this could be related to something that has changed in the Exchange server.

    Thank you!

    Inspiring
    July 28, 2022

    I just wanted to highlight that Dani started another question on this issue on the forum. If the POP/IMAP server is Microsoft Office 365 based, then it might be related to server changes that were made disabling BASIC authentication. Microsoft is making a strong push to get away from the simple authentication method.

     

    I just wanted to make sure that if anyone ended up on this ticket that they are aware of this other discussion since it might be related.  Look for the discussion on:  "CFIMAP tag connecting to Exchange: Logon failure: unknown user name or bad password"  I know I have started seeing issues with POP and Office365.  That being said, the specific issue this user might be having might be unrelated, just wanted to note it.  

     

    Matt

     

    BKBK
    Community Expert
    November 10, 2021

    Just run ColdFusion on the latest Java LTS version: JDK 11.0.13 or JDK 8u311.

    That way you can be sure your application will avoid using TLS 1.0 or 1.1. That is because these TLS versions have been disabled in Java releases from JDK 11.0.11 and JDK 8u291 onwards.

    Community Expert
    November 3, 2021

    I don't think you have any real alternatives built into CF other than CFPOP/CFIMAP and their createObject equivalents. But CF 2018 comes with Java 11, which should automatically support TLS 1.2 without you having to do anything - in fact, it should prevent you from using older versions! So, I think your Exchange admin is wrong, or Exchange is giving the admin the wrong info, etc.

     

    It's possible that your CF 2018 client doesn't support the ciphers required by the Exchange server. That also seems pretty unlikely to me, but it's possible that the Exchange cipher configuration was manually changed and that's causing the problem.

     

    Solving this might be fairly difficult, but if you install Wireshark and use a standard IMAP client like Thunderbird, you should be able to check the network traffic directly and identify the protocol (TLS 1.2 or 1.3) and the supported ciphers. This might give you some info for the next step, seeing whether CF supports those ciphers.

     

    Dave Watts, Eidolon LLC
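
For the capture step suggested above, an added example (not part of the original thread, and not ColdFusion or Exchange code) that reads a ClientHello the way a packet capture presents it and reports the highest TLS version the client offered. The record header may carry 0x0301 for compatibility even when the hello itself offers TLS 1.2 or 1.3, so the header alone does not show what the client asked for. The sample bytes come from the hypothetical `build_sample` helper and are constructed, not captured.

```python
import struct
VERSIONS = {0x0301: "TLSv1.0", 0x0302: "TLSv1.1", 0x0303: "TLSv1.2", 0x0304: "TLSv1.3"}

def parse_client_hello(record: bytes) -> dict:
    """Report the TLS versions and cipher suites offered in a ClientHello record."""
    ctype, rec_ver, rec_len = struct.unpack_from("!BHH", record, 0)
    if ctype != 0x16 or len(record) < 5 + rec_len:
        raise ValueError("not a complete TLS handshake record")
    hs = record[5:5 + rec_len]
    if len(hs) < 4 or hs[0] != 0x01:
        raise ValueError("handshake message is not a ClientHello")
    body = hs[4:4 + int.from_bytes(hs[1:4], "big")]
    legacy_ver = struct.unpack_from("!H", body, 0)[0]
    pos = 2 + 32                                  # skip legacy_version and random
    pos += 1 + body[pos]                          # skip session_id
    n = struct.unpack_from("!H", body, pos)[0]    # cipher_suites length in bytes
    suites = list(struct.unpack_from(f"!{n // 2}H", body, pos + 2))
    pos += 2 + n
    pos += 1 + body[pos]                          # skip compression methods
    offered = []
    if pos + 2 <= len(body):                      # extensions are optional before TLS 1.3
        end = pos + 2 + struct.unpack_from("!H", body, pos)[0]
        pos += 2
        while pos + 4 <= end:
            etype, elen = struct.unpack_from("!HH", body, pos)
            if etype == 43:                       # supported_versions (RFC 8446)
                data = body[pos + 4:pos + 4 + elen]
                vals = [int.from_bytes(data[i:i + 2], "big") for i in range(1, 1 + data[0], 2)]
                offered = [v for v in vals if v in VERSIONS]   # drops GREASE values
            pos += 4 + elen
    highest = max(offered) if offered else legacy_ver   # no extension: legacy_version is the max
    label = lambda v: VERSIONS.get(v, hex(v))
    return {"record": label(rec_ver), "legacy": label(legacy_ver),
            "highest": label(highest), "cipher_suites": suites}

def build_sample(legacy_ver, suites, versions_ext=()) -> bytes:
    """Constructed ClientHello for the demo (hypothetical helper, not captured traffic)."""
    ext = b""
    if versions_ext:
        vlist = b"".join(struct.pack("!H", v) for v in versions_ext)
        ext = struct.pack("!HHB", 43, len(vlist) + 1, len(vlist)) + vlist
    body = (struct.pack("!H", legacy_ver) + bytes(32) + b"\x00"
            + struct.pack("!H", 2 * len(suites)) + b"".join(struct.pack("!H", s) for s in suites)
            + b"\x01\x00" + struct.pack("!H", len(ext)) + ext)
    hs = b"\x01" + len(body).to_bytes(3, "big") + body
    return struct.pack("!BHH", 0x16, 0x0301, len(hs)) + hs    # record header says 0x0301

if __name__ == "__main__":
    for args in ((0x0303, [0xC02F, 0x002F]), (0x0301, [0x002F])):   # TLS 1.2 and TLS 1.0 clients
        print(parse_client_hello(build_sample(*args)))
```

A "highest" of TLSv1.0 or TLSv1.1 in the client's first hello is the case the provider in this thread says it drops.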

    pcesana
    Author
    Participating Frequently
    November 4, 2021

    Hi,

    The Exchange provider confirmed that they dropped support for lower versions of TLS like v1.0 and v1.1 and are strictly looking for TLS v1.2.
    They go on to say that:

    "I notice online others have mentioned this issue when using Java lately and it might have to do with the following.
    If Java tries to connect to us using v1.0 or v1.1 we drop the connection and we do not roll up to v1.2; we want the first attempt to be v1.2.
     I am not Java proficient but possibly these might help.
     System.setProperty("https.protocols", "TLSv1.2");
     or
     protocol.setProperty("https.protocols", "TLSv1.2");
     I also read that when someone updated their mail-1.4.7.jar to mail-1.6.2.jar that seemed to help. "

    I tried the above setProperty and it did not work.

    Any suggestions?

     

    Inspiring
    November 9, 2021

    Try forcing TLS1.2 in your CF install's JVM arguments.  Add these flags:

    -Djdk.tls.client.protocols=TLSv1.2 
    -Dhttps.protocols=TLSv1.2

    Earlier this year we had a problem with CFHTTP failing to connect to an external vendor's API who had added support for TLS1.3, and setting those flags fixed it for us.