CFHTTP and SSL v3
|
View:
New views
4 Messages
—
Rating Filter:
Alert me
|
| < Prev | 1 - 2 | Next > |
 |
RE: CFHTTP and SSL v3
by mkruger@cfwebtools.com
::
Rate this Message:
All right... I just tested this myself and sure enough, CF 5 handles a TLS1.0 connection on a Windows 2000 box. Mark A. Kruger, CFG, MCSE (402) 408-3733 ext 105 www.cfwebtools.com www.coldfusionmuse.com www.necfug.com -----Original Message----- From: Mark Kruger [mailto:mkruger@...] Sent: Wednesday, February 25, 2009 4:12 PM To: cf-talk Subject: RE: CFHTTP and SSL v3 Hmmm.... Very interesting... CF 5 uses an ipswitch com or something to make HTTP connections ... Or is it something native to windows through the stack? -Mark Mark A. Kruger, CFG, MCSE (402) 408-3733 ext 105 www.cfwebtools.com www.coldfusionmuse.com www.necfug.com -----Original Message----- From: Amit Talwar [mailto:talwar.amit@...] Sent: Wednesday, February 25, 2009 3:53 PM To: cf-talk Subject: Re: CFHTTP and SSL v3 > I had read it in several blog postings but nothing definitive from > Adobe. I've done some more checking and it appears you are right > about it working for CF7. Now if only the authorize.net test site was > up to date I could test my apps. > > Cheers > > Mike > > >Michael, > > > >I had about concluded that 6 and 7 actually DO support 3.0. Can you > tell me > >what docs indicated otherwise? > > > >-mark > > > > > > > >Mark A. Kruger, CFG, MCSE > >(402) 408-3733 ext 105 > >www.cfwebtools.com > >www.coldfusionmuse.com > >www.necfug.com > > > >I got the same email from Authorize.net. We are using CFMX7 and from > what I > >have read it doesn't support ssl 3.0 via cfhttp. If anyone has a > quick > >solution I'd appreciate it. Likewise if I find one I'll let everyone > know. > > > >Thanks > >Mike I got an email a while ago from Authorize.net that they have set up the test server with ssl 2.0 disabled and only ssl 3.0 enabled. and they provided all the information. To be sure i checked that using serversslsniffer and ssl 2.0 ciphers were disabled. and For SSL 3.0 only 128 bit and above ciphers were supported. So now i have tested one app that i have moved from cf5 to cf8 and it connected fine as expected. :) Now is the strange thing : I tested another app that is in cf5 and is yet to be ported to cf 8.0. Strangely that app also connected fine to the new SSL 3.0 Testing server. This is going above my head now. Docs say cfhttp in cf 5 only supports up to 56 bit. Going by that it should not have connected. Both cf5 app and cf8 apps are on different servers and both have ssl 2.0 disabled anyways. Any ideas?? what going on here. Do i port the other cf5 app?? ~Amit ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;207172674;29440083;f Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:319841 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=17837.14401.4 |
|
|
Re: CFHTTP and SSL v3
by Casey Dougall-2
::
Rate this Message:
Bringing this back here. Did anyone notice a switch to SSL v3 at authorize.net? I'm curious as well... Is it safe to say we can disable ssl v2 on our servers? I've been googling here a bit but just don't understand as a whole how protocals work, just that they do. Had request from client saying they want to turn ssl 2 off force use of SSL 3 but I don't know how that would effect our website. cfhttp doesn't care about IIS when it makes calls right, that's internal, so would this just be an issue with end users with old web browsers? Casey On Tue, Feb 17, 2009 at 4:46 PM, Mary Jo Sminkey <maryjos@...>wrote: > > Okay, I have a bit of a critical issue as Authorize.Net is apparently > disabling any use of SSL v2.0 and requiring the use of v3.0 (and only giving > us about a month to get ready!) To my knowledge, only ColdFusion 8 even > supports this, and not sure what the support is in Railo and BlueDragon. Is > there any reasonably easy way to do this in CF7 (or even CF6)? I have a LOT > of customers still on CF7 and AuthNet is by far the most popular gateway, > and I need to find them a solution, as upgrading to CF8 may not be a viable > solution for many of them. > > --- > Mary Jo Sminkey > CFWebstore, ColdFusion-based Ecommerce > http://www.cfwebstore.com > > > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Want to reach the ColdFusion community with something they want? Let them know on the House of Fusion mailing lists Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:324414 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=17837.14401.4 |
|
|
Re: CFHTTP and SSL v3
by Dave Watts
::
Rate this Message:
> cfhttp doesn't care about IIS when it makes calls right, that's internal, so > would this just be an issue with end users with old web browsers? Right. Your IIS settings will only affect your users, not your CFHTTP calls. Dave Watts, CTO, Fig Leaf Software http://www.figleaf.com/ Fig Leaf Software provides the highest caliber vendor-authorized instruction at our training centers in Washington DC, Atlanta, Chicago, Baltimore, Northern Virginia, or on-site at your location. Visit http://training.figleaf.com/ for more information! ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Want to reach the ColdFusion community with something they want? Let them know on the House of Fusion mailing lists Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:324415 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=17837.14401.4 |
|
|
RE: CFHTTP and SSL v3
by Che Vilnonis
::
Rate this Message:
I use ANET as well. In laymens terms, the cfhttp call to a https address will still work, correct? But something in IIS will have to be changed? As you can see, I am in the dark and could use some help. ~Che -----Original Message----- From: Casey Dougall [mailto:casey@...] Sent: Thursday, July 09, 2009 3:31 PM To: cf-talk Subject: Re: CFHTTP and SSL v3 Bringing this back here. Did anyone notice a switch to SSL v3 at authorize.net? I'm curious as well... Is it safe to say we can disable ssl v2 on our servers? I've been googling here a bit but just don't understand as a whole how protocals work, just that they do. Had request from client saying they want to turn ssl 2 off force use of SSL 3 but I don't know how that would effect our website. cfhttp doesn't care about IIS when it makes calls right, that's internal, so would this just be an issue with end users with old web browsers? Casey ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Want to reach the ColdFusion community with something they want? Let them know on the House of Fusion mailing lists Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:324416 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=17837.14401.4 |
| < Prev | 1 - 2 | Next > |
| Free embeddable forum powered by Nabble | Forum Help |
