I am running ColdFusion 9.0 Hotfix 3. I am trying to get a TLSv1.2 to work for cf_http tag. I started with an upgrade to Java 7 Update 80 and then Java 8 Update 25. Using Wireshark it looks like it is still connecting trying TLSv1.0 and the end point will only take TLSv1.2 From what I have read Java 7 and 8 support TLSv1.2, but doesn't seem to be a way to get Cold Fusion to use it. Any ideas?
Windows 2008 32bit
On a side note I know version 9 is old and I am working on upgrading to a new version, but this part came up and needs to be done before we planned to finish the upgrade and testing and upgrading breaks some of the site.
I've been blogging about this for a couple years; ever since Authorize.net & PayPal announced SSL upgrades that weren't compatible w/ColdFusion 8 & 9. My workaround has been to use CFX_HTTP5 from Adiabata, Inc. This Windows C++ tag fixes all ColdFusion-related bugs in ColdFusion 3-11. It's "built on WinHttp 5.1 API - native Windows HTTP layer - and, therefore, supports all security and authentication protocols, regardless of whether ColdFusion supports them or not." It also faster and supports up to 64 concurrent/asynchronous requests and client-side certificates. It honors DNS TTL and doesn't require a reboot if a server you access has recently changed IPs. (CFHTTP DNS caching is either "never" or "forever".)
The other reasons I recommend using CFX_HTTP5 is that it 1) works, 2) provides more connection/request options and 3) ensures consistent functionality and behavior across all versions of ColdFusion; EOL and future.
Here's a very basic sample:
<CFX_HTTP5 METHOD="POST"
URL="https://apitest.authorize.net/xml/v1/request.api"
HEADERS="Content-Type: text/xml#Chr(13)##Chr(10)#"
BODY="#xmlString#"
OUT="RESULT">
<CFIF STATUS NEQ "OK">
<CFTHROW MESSAGE="#ERRN# #MSG#">
</CFIF>
<CFSET returnedXML = RESULT>
来源:https://stackoverflow.com/questions/45383727/coldfusion-9-0-0-tlsv1-2