Copy link to clipboard
Copied
We have our JVM (1.7) set to use TLS1.2 by default, and cfhttp correctly uses that setting, unless we use the clientcert attribute; when the clientcert attribute is used the ClientHello always sends TLSv1. Has anyone else encountered this behavior?
Copy link to clipboard
Copied
This sounds eerily like a TLS issue that was discovered in Lucee. There it turned out that "TLSv1" had been hard-coded in the underlying Java library. So, to be on the safe side, you should report this as a bug. It might help to mention the Lucee link in your report.
Copy link to clipboard
Copied
Thank you BKBK, I have created issue CF-4200073.