Skip to main content
R
rwood56847
Participant
October 15, 2018
Question

CF 10 JVM 1.8 not sending TLSV1.2 email to Office 365

  • October 15, 2018
  • 4 replies
  • 1585 views

I have a CF10 server running on Windows 2008 r2. JVM is 1.80_91. I have configured the Mail settings in CFAdmin to our Office 365 instance, I have a relay account we are using configured. When I send test emails they are only TLSv1.0 to Office365. I read a couple of forums and found the Dhttps settings which I have put into Java and JVM in CFAdmin. I restart the CF service and still the test messages are TLSv1.0. I even went into the javacpl.exe and unchecked TLS 1.0 and TLS 1.1 in Advanced.

What am I missing? Based on what I have been reading, this should work correctly.

This topic has been closed for replies.

4 replies

Charlie Arehart
Community Expert
Charlie ArehartCommunity Expert
Community Expert
October 21, 2018

rwood56847, are you SURE that you are using Java 1.8? Are you saying that appears as the value in the CF Admin "settings summary" page? Sometimes people judge their JVM version by running that very javacpl.exe you refer to (or opening it from Windows Control Panel), but that's for any jvm implemented as the "public jre" on your machine.

As you may know, one can install another JVM (and of course CF comes with its own), and CF can be told to point to that other jvm. As all of them have a jre/bin/javacpl.exe, its just not clear which one you're referring to for what you modified.

/Charlie (troubleshooter, carehart. org)
BKBK
Community Expert
BKBKCommunity Expert
Community Expert
October 21, 2018

Have you applied the latest updates of ColdFusion 10?

James Moberg
James Moberg
Inspiring
October 16, 2018

The best approach that we've been able to determine when using Windows/IIS (even w/CF10) is to use Windows SMTP Virtual Server and have it relay all mail to your remote mail server.  This will remove any SSL/TLS issues (since none is required locally) and also spool your mail faster & more reliably since CF can always connect to 127.0.0.1.  We then have all outbound email relay from CF to local Windows SMTP Service and then to our outbound SMTP mail server.  (All of our CFMail issues disappeared overnight when we switched to this method.)

We tried using SparkPost's SMTP service, but they use round-robin DNS for their SMTP servers and since the IPs can change at any time, we were frequently restarting the ColdFusion service to force DNS lease renewals.  We tried CFHTTP with their Rest API and encountered the same CF "DNS=FOREVER" issue.  To overcome this using ColdFusion 9 - 2018, we switched to using the Rest API with CFX_HTTP5, a C++ module that honors DNS TTL and has much better SSL support since it uses whatever the regular Windows services is currently able to access.  (This CFX tag been a major game changer and allowed us to continue to access PayPal, Authorize.net, etc using CF10.)

C
carl type3
Legend
October 15, 2018

Hello,

Do you have CF10 configured with tick in Server Settings > Mail > Enable TLS connection to mail server?

You mention Dhttps setting. Is CF JVM configured with -Dhttps.protocols=TLSv1.2 ?

Sorry more questions than answers, Carl.

R
rwood56847Author
Participant
October 16, 2018

Yes I have the checkbox checked to make TLS connections and I have -Dhttps.protocols=TLSv1.2 in the Java and JVM variables section.

Given our current deployment of CF, using Windows SMTP is impractical, sorry.

D
Community Expert
Dave WattsCommunity Expert
Community Expert
October 18, 2018

How about other dedicated SMTP relays on the local network? I've used Apache JAMES for this quite a bit, and it's pretty easy and reliable.

Dave Watts, Fig Leaf Software

Dave Watts, Eidolon LLC
Terms & ConditionsAccessibility statement
Using the community Terms of use Privacy Cookie preferences Do not sell or share my personal information ad choicesAdChoices