• Global community
    • Language:
      • Deutsch
      • English
      • Español
      • Français
      • Português
  • 日本語コミュニティ
    Dedicated community for Japanese speakers
  • 한국 커뮤니티
    Dedicated community for Korean speakers
Exit
0

does CPOP/CFIMAP use TLS 1.2 or above in CF2018?

Community Beginner ,
Nov 03, 2021 Nov 03, 2021

Copy link to clipboard

Copied

we have been using cfpop for years to open a mailbox and download attachment/headers.

it started failing last night.....

now exchange provider claims we are not using TLS 1.2

This is what we've been using 

<cfpop
server = "*.*.*.*"
username = "*****@*****" password = "*******!"
action = "getAll"
name = "qheader"
secure="yes">

 

Other than CFIMAP or  createObject("component", "pop").init() are there any other alternatives to open a mailbox and download headers/attachments?

 

Thanks 

Paolo

 

Views

251

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Community Expert ,
Nov 03, 2021 Nov 03, 2021

Copy link to clipboard

Copied

I don't think you have any real alternatives built into CF other than CFPOP/CFIMAP and their createObject equivalents. But CF 2018 comes with Java 11, which should automatically support TLS 1.2 without you having to do anything - in fact, it should prevent you from using older versions! So, I think your Exchange admin is wrong, or Exchange is giving the admin the wrong info, etc.

 

It's possible that your CF 2018 client doesn't support the ciphers required by the Exchange server. That also seems pretty unlikely to me, but it's possible that the Exchange cipher configuration was manually changed and that's causing the problem.

 

Solving this might be fairly difficult, but if you install Wireshark and use a standard IMAP client like Thunderbird, you should be able to check the network traffic directly and identify the protocol (TLS 1.2 or 1.3) and the supported ciphers. This might give you some info for the next step, seeing whether CF supports those ciphers.

 

Dave Watts, Eidolon LLC

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Community Beginner ,
Nov 04, 2021 Nov 04, 2021

Copy link to clipboard

Copied

Hi,

the exchange provider confirmed that they dropped support for lower version of TLS like v1.0 and v1.1 and strictly are looking for TLS v1.2.
 they go on to say that

"I notice online others have mentioned this issue when using Java lately and it might have to do with the following.
If java tries to connect to us using v1.0 or v1.1 we drop the connection and we do not role up to v1.2 we want the first attempt to be v1.2.
 I am not Java proficient but possibly these might help.
 System.setProperty("https.protocols", "TLSv1.2");
 or
 protocol.setProperty("https.protocols", "TLSv1.2");
 I also read that when someone updated their mail-1.4.7.jar to mail-1.6.2.jar that seemed to help. "

I tried the above setProperty and it did not work.

Any suggestions?

 

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Participant ,
Nov 09, 2021 Nov 09, 2021

Copy link to clipboard

Copied

Try forcing TLS1.2 in your CF install's JVM arguments.  Add these flags:

-Djdk.tls.client.protocols=TLSv1.2 
-Dhttps.protocols=TLSv1.2

Earlier this year we had a problem with CFHTTP failing to connect to an external vendor's API who had added support for TLS1.3, and setting those flags fixed it for us.

 

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Community Expert ,
Nov 10, 2021 Nov 10, 2021

Copy link to clipboard

Copied

Just run ColdFusion on the latest Java LTS verssion: JDK 11.0.13 or JDK 8u311.

That way you can be sure your application will avoid using TLS 1.0 or 1.1. That is because these TLS versions have been disabled in Java releases from JDK 11.0.11 and JDK 8u291 onwards.

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Participant ,
Jul 21, 2022 Jul 21, 2022

Copy link to clipboard

Copied

Hello Paolo, have you been able to solve this?

I am having a similar issue. We use CFIMAP and yesterday stopped working, having the CFTRY CATCH block throwing this error: Logon failure: unknown user name or bad password.

Credentials are good as I can connect to the webmail using the same credentials so I am trying to understand if this could be related to something that has changed in the Exchange server.

Thank you!

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Community Expert ,
Jul 23, 2022 Jul 23, 2022

Copy link to clipboard

Copied

Hi @Dani Szwarc 

As I said earlier, TLS versions TLS 1.0 and 1.1 have been disabled in Java releases from JDK 11.0.11 and JDK 8u291 onwards. So you may have problems if any of the servers is on an older Java version. 

 

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Community Beginner ,
Jul 28, 2022 Jul 28, 2022

Copy link to clipboard

Copied

LATEST

I just wanted to highlight that Dani started another question on this issue on the forum.  If the POP/IMAP server is Microsoft Office 365 based, then it might be related to server chagnes that were made disabling BASIC authentication.  Microsoft is making a strong push to get away from the simple authentication method.  

 

I just wanted to make sure that if anyone ended up on this ticket that they are aware of this other discussion since it might be related.  Look for the discussion on:  "CFIMAP tag connecting to Exchange: Logon failure: unknown user name or bad password"  I know I have started seeing issues with POP and Office365.  That being said, the specific issue this user might be having might be unrelated, just wanted to note it.  

 

Matt

 

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Resources
Documentation