Copy link to clipboard
Copied
Good Afternoon,
I am a Systems Engineer and need some help. Whenever I disable TLS 1.1 on the ColdFusion 2016 server (running on Windows 2008 R2 Operating System), I can no longer communicate with the SQL Server and receive the enable TLS 1.0 and TLS 1.1 error message instead of the web page.
For Security reasons, we want all communication to be on TLS 1.2. Once I disable TLS 1.1, I cannot even load a webpage on the local ColdFusion Server without receiving the TLS error.
I have asked the Developer to update the SQL JDBC Native Drivers, the CF 2016 Server is using native SQL Server driver v2011.110.7001.00 dated 8/15/2017.
The java version CF 2016 is using is jre 1.8.0_191.
The SQL 2012 Server is using native SQL Server driver v2011.110.7462.06 downloaded on 1/6/2018. SQL Server 2012 Management Studio version is 11.0.7462.6.
From what I have read it keeps pointing me back to the native SQL drivers. I have ensured the Windows side of the servers are 100% up to date with all applicable Windows Updates.
Where else should I be looking? I am not a DBA or Programmer, but I wonder if the issue could be buried somewhere?
Any help would be greatly appreciated.
Copy link to clipboard
Copied
Where do you disable TLS 1.1? Where does the error occur? When you disable TLS 1.1 on the ColdFusion Server and the error appears in the client's browser this does not have to do with the SQL Server. This is a different issue, IMO.
Copy link to clipboard
Copied
Thanks for your help. I disable TLS 1.1 on the Web Server (IIS/CF) and when I open a local IE browser on the same server I receive the error to enable TLS 1.1. Any idea where I should look in ColdFusion?
Copy link to clipboard
Copied
When you say "disable TLS 1.1 on the Web Server (IIS/CF)" what exactly are you doing? That's what Bardnet was asking. It's not clear to me either.
There are a bunch of places where TLS can come into play. IIS can support HTTPS clients using TLS. ColdFusion can, as a client itself, use TLS to connect to various services using tags like CFHTTP, CFMAIL, etc. ColdFusion talks to your database using a JDBC client that's provided with ColdFusion. JDBC clients use a connection string to specify how they talk to the database. I'm not sure what connection string attributes are supported by the built-in JDBC client, but generally you can specify things like encryption etc in there. The SQL Server JDBC client that comes with ColdFusion is from DataDirect Technologies, and they have information here:
SQL Server ODBC Driver for Linux & Windows - DataDirect Connectivity
Dave Watts, Eidolon LLC
Copy link to clipboard
Copied
Great, thanks for the info. TLS 1.2 works under IIS, it does not work on the ColdFusion sites which do run calls to the SQL Server using JDBC. I will check out the article above. Thanks