Re: Work Around for SSLv3 Vulnerability?

2014-12-15 Thread Michael Grant
Well thank you for writing this. Hopefully it helps others. On Saturday, December 13, 2014, Wil Genovese jugg...@trunkful.com wrote: Well your question was one of the reasons I did the research. We had several clients at CF Webtools and a few at other hosting companies that needed to know

Re: Work Around for SSLv3 Vulnerability?

2014-12-13 Thread Michael Grant
Wow I could've used this four weeks ago! Haha. Good article. On Monday, December 8, 2014, Wil Genovese jugg...@trunkful.com wrote: I just published blog posts today on how to prevent ColdFusion from falling back to SSLv3 with CFHTTP.

Re: Work Around for SSLv3 Vulnerability?

2014-12-13 Thread Wil Genovese
Well your question was one of the reasons I did the research. We had several clients at CF Webtools and a few at other hosting companies that needed to know for sure how CFHTTP and SSL was working. Regards, Wil Sent from a hand held device that autocorrects my typos in a mist humorous

Re: Work Around for SSLv3 Vulnerability?

2014-12-08 Thread Wil Genovese
I just published blog posts today on how to prevent ColdFusion from falling back to SSLv3 with CFHTTP. http://www.trunkful.com/index.cfm/2014/12/8/Preventing-SSLv3-Fallback-in-ColdFusion http://www.coldfusionmuse.com/index.cfm/2014/12/8/colfusion-jvm-versions-sslv3-tls Enjoy! Wil Wil

Re: Work Around for SSLv3 Vulnerability?

2014-11-19 Thread Russ Michaels
if you are on a shared server then it would be an issue for others who are using SOLR, which would then require the host to roll back to 1.6, which would then cause your problem again. Judging by the fact that you said you had to convince them to do this, I assume it is a shared server, otherwise

Re: Work Around for SSLv3 Vulnerability?

2014-11-19 Thread Michael Grant
I appreciate your feedback Russ. Thank you. From what I've read there does seem to be a fix to the broken SOLR collections. Have you seen this? On Wed, Nov 19, 2014 at 10:20 AM, Russ Michaels r...@michaels.me.uk wrote: if you are on a shared server then it would be an issue for others who are

Re: Work Around for SSLv3 Vulnerability?

2014-11-19 Thread Russ Michaels
no I haven't seen it, I even emailed Adobe about it directly and got no reply On Wed, Nov 19, 2014 at 9:49 PM, Michael Grant mgr...@modus.bz wrote: I appreciate your feedback Russ. Thank you. From what I've read there does seem to be a fix to the broken SOLR collections. Have you seen this?

Re: Work Around for SSLv3 Vulnerability?

2014-11-19 Thread Wil Genovese
This is the Adobe bug report about Solr breaking with Java 1.7.0_51 and higher when sandboxes are enabled. This was just fixed in Update 14 for CF10. Wil Genovese Sr. Web Application Developer/ Systems Administrator CF Webtools www.cfwebtools.com wilg...@trunkful.com www.trunkful.com On

Re: Work Around for SSLv3 Vulnerability?

2014-11-19 Thread Russ Michaels
we're on CF9 On Thu, Nov 20, 2014 at 12:16 AM, Wil Genovese jugg...@trunkful.com wrote: This is the Adobe bug report about Solr breaking with Java 1.7.0_51 and higher when sandboxes are enabled. This was just fixed in Update 14 for CF10. Wil Genovese Sr. Web Application Developer/

Re: Work Around for SSLv3 Vulnerability?

2014-11-18 Thread Michael Grant
I finally have an update here. After much back and forth and having to REALLY make a case for why I was able to convince Newtek to update their CF servers to run Java 1.7 instead of 1.6. This had an immediate positive result and the SSL handshake was able to proceed properly with TLS. Thanks to

Re: Work Around for SSLv3 Vulnerability?

2014-11-18 Thread Russ Michaels
did you check if SOLR still works after the upgrade ? On Tue, Nov 18, 2014 at 3:00 PM, Michael Grant mgr...@modus.bz wrote: I finally have an update here. After much back and forth and having to REALLY make a case for why I was able to convince Newtek to update their CF servers to run Java

Re: Work Around for SSLv3 Vulnerability?

2014-11-18 Thread Dave Watts
did you check if SOLR still works after the upgrade ? Doesn't Solr use a separate JVM? Dave Watts, CTO, Fig Leaf Software 1-202-527-9569 http://www.figleaf.com/ http://training.figleaf.com/ Fig Leaf Software is a Service-Disabled Veteran-Owned Small Business (SDVOSB) on GSA Schedule, and

Re: Work Around for SSLv3 Vulnerability?

2014-11-18 Thread Michael Grant
Hi Russ, I don't use SOLR so this isn't an issue for my use case. On Tue, Nov 18, 2014 at 11:57 AM, Russ Michaels r...@michaels.me.uk wrote: did you check if SOLR still works after the upgrade ? On Tue, Nov 18, 2014 at 3:00 PM, Michael Grant mgr...@modus.bz wrote: I finally have an

Re: Work Around for SSLv3 Vulnerability?

2014-11-01 Thread Michael Grant
Just a heads up to everyone, I'm still waiting to hear back from Newtek about whether they've reimported the certs and CA cert again. Once I have some news I'll post back. Thanks again everyone for your guidance.

Re: Work Around for SSLv3 Vulnerability?

2014-10-31 Thread Pete Freitag
The SSL handshake is handled by the JVM (though there might be some config that takes place in the CF engine, not sure). Java 6 supports only TLS 1.0; Java 7 adds support for TLS 1.1 and 1.2. The actual crypto parts of it are handled by the JCE (Java cryptography engine) which if you are running

Re: Work Around for SSLv3 Vulnerability?

2014-10-31 Thread Russ Michaels
if upgrading to Java 7 solves the issue, do also note that this also breaks SOLR on CF9, or rather CF can no longer communicate with SOLR, so none of your collections will be accessible. I have contacted Adobe about this, but as usual no response, and with CF9 EOL pending I doubt they ever will.

Work Around for SSLv3 Vulnerability?

2014-10-30 Thread Michael Grant
I have a legacy app on CF9 (originally CF7) which uses CFHTTP to make a secure connection to Chase Paymentech's Orbital payment gateway. I have the SSL's installed into the Java keystore like I'm supposed to and for about 7 years this app has been working as expected. Fast forward to a few

Re: Work Around for SSLv3 Vulnerability?

2014-10-30 Thread .jonah
What's preventing it from negotiating to an earlier version of SSL? Settings in the keystore? On 10/30/14, 3:36 PM, Michael Grant wrote: I have a legacy app on CF9 (originally CF7) which uses CFHTTP to make a secure connection to Chase Paymentech's Orbital payment gateway. I have the

Re: Work Around for SSLv3 Vulnerability?

2014-10-30 Thread Jordan Michaels
I was able to communicate with their server using TLSv1: = jordan@jordan-M61P-S3:~$ curl -v --tlsv1.0 https://orbital1.paymentech.net/ * Hostname was NOT found in DNS cache * Trying 65.124.118.70... * Connected to

Re: Work Around for SSLv3 Vulnerability?

2014-10-30 Thread Michael Grant
I don't know. Newtek is the hosting provider. As soon as they disabled ssl3 it just immediately stopped working. I don't really know what to tell them to do and I'm not sure they have tried all that hard to find a solution. Do you know what setting would determine if it negotiated down or not?

Re: Work Around for SSLv3 Vulnerability?

2014-10-30 Thread Michael Grant
Thanks for the reply. Should the cfhttp code I have automatically try tls? Is this something wrong in the Newtek config?

Re: Work Around for SSLv3 Vulnerability?

2014-10-30 Thread Jordan Michaels
Yes, it should auto-negotiate by default, and honestly, I'm not aware of a way to turn off auto-negotiation unless you force a specific protocol (like I did earlier with my curl command). It's also possible that with your payment provider's most recent update they might have gone from SHA1 to

Re: Work Around for SSLv3 Vulnerability?

2014-10-30 Thread Michael Grant
I'll try that with them, thank you SO much.