ColdFusion 9.0.0 TLSv1.2

Question

I am running ColdFusion 9.0 Hotfix 3. I am trying to get a TLSv1.2 to work for cf_http tag. I started with an upgrade to Java 7 Update 80 and then Java 8 Update 25. Using

Answer 1

I've been blogging about this for a couple years; ever since Authorize.net & PayPal announced SSL upgrades that weren't compatible w/ColdFusion 8 & 9. My workaround has been to use CFX_HTTP5 from Adiabata, Inc. This Windows C++ tag fixes all ColdFusion-related bugs in ColdFusion 3-11. It's "built on WinHttp 5.1 API - native Windows HTTP layer - and, therefore, supports all security and authentication protocols, regardless of whether ColdFusion supports them or not." It also faster and supports up to 64 concurrent/asynchronous requests and client-side certificates. It honors DNS TTL and doesn't require a reboot if a server you access has recently changed IPs. (CFHTTP DNS caching is either "never" or "forever".)

The other reasons I recommend using CFX_HTTP5 is that it 1) works, 2) provides more connection/request options and 3) ensures consistent functionality and behavior across all versions of ColdFusion; EOL and future.

Here's a very basic sample:

<CFX_HTTP5 METHOD="POST"
    URL="https://apitest.authorize.net/xml/v1/request.api"
    HEADERS="Content-Type: text/xml#Chr(13)##Chr(10)#"
    BODY="#xmlString#"
    OUT="RESULT">

<CFIF STATUS NEQ "OK">
    <CFTHROW MESSAGE="#ERRN# #MSG#">
</CFIF>

<CFSET returnedXML = RESULT>