Comments on: Java / ColdFusion SSL handshake_failure Fix http://www.ghidinelli.com/2017/01/27/java-coldfusion-ssl-handshake_failure-fix Thu, 01 Jun 2017 18:51:00 +0000 http://wordpress.org/?v=2.9.2 hourly 1 By: James Moberg http://www.ghidinelli.com/2017/01/27/java-coldfusion-ssl-handshake_failure-fix/comment-page-1#comment-146244 James Moberg Mon, 30 Jan 2017 18:06:43 +0000 http://www.ghidinelli.com/?p=1725#comment-146244 If using Windows, another option that I prefer regardless of ColdFusion version is CFX_HTTP5. It uses WinHttp 5.1 API, the native Windows HTTP layer, and all SSL certificates are automatically updated with Windows and no restarting is necessary. I also like it because I can force TLS1.2 connections without having to completely disable TLS1.1. (PayPal was going to start requiring TLS1.2 for all HTTPS connections and CF10 couldn't connect.) NOTE: You can also use CURL to override "lowest common denominator SSL" and force an elevated TLS1.2 handshake. If using Windows, another option that I prefer regardless of ColdFusion version is CFX_HTTP5. It uses WinHttp 5.1 API, the native Windows HTTP layer, and all SSL certificates are automatically updated with Windows and no restarting is necessary. I also like it because I can force TLS1.2 connections without having to completely disable TLS1.1. (PayPal was going to start requiring TLS1.2 for all HTTPS connections and CF10 couldn’t connect.)

NOTE: You can also use CURL to override “lowest common denominator SSL” and force an elevated TLS1.2 handshake.

]]>