Mary Jo, I think it would be the underlying protocol of Java not the web server - right? Does CF pass an HTTP request back through IIS or apache? I think it accesses the stack using it's own internal libraries. I guess we wait till they have a new test server ready eh?
-mark Mark A. Kruger, CFG, MCSE (402) 408-3733 ext 105 www.cfwebtools.com www.coldfusionmuse.com www.necfug.com -----Original Message----- From: Mary Jo Sminkey [mailto:[email protected]] Sent: Wednesday, February 18, 2009 8:38 PM To: cf-talk Subject: Re: CFHTTP and SSL v3 >I'm confused.... SSL 3.0 does not necessarily need a client cert - does it? >The connection would still use the public key right? Are you saying >that Auth.net is requiring you to specify the client cert as a part of >the handshake? Mark, I checked with AuthNet and you're right, they are not requiring a client cert. So it looks like this will be a bit less of a concern, assuming that CFHTTP is using the same protocol as the underlying web server (most of which are going to be at least v3.0). It may however still be a problem on some older CF versions, I would expect CF5 might have problems with it. In corresponding with AuthNet, they did say that they will try to roll out the requirement on the test server first so we can check our sites and make sure they are still working, but I don't have a date from them yet on when they expect to be able to do that. --- Mary Jo Sminkey CFWebstore, ColdFusion-based Ecommerce http://www.cfwebstore.com ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;207172674;29440083;f Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:319524 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
