We are using CFLDAP to authenticate users from a remote system. The remote system has now shut down SSL 2 and 3 due to the POODLE issue. Is there a way to configure either ColdFusion or Tomcat to use TLS for the outgoing connection?
-
The underlying Java *should* support TLSv1 for the connection. If I remember correctly, the exceptions thrown by cfldap are completely unhelpful for determining why the connection failed; can you set up Wireshark on a system with the problem and capture the connection handshake to look at what it's doing? – Shane Madden Nov 19 '14 at 20:13
-
It might also make a difference depending on whether CF is running on Windows or Linux. – Katherine Villyard Nov 19 '14 at 20:16
-
We are running on Windows. We're in the process of securing IIS but that is for the incoming connections. CFLDAP is an outgoing connection. – JamesS Nov 19 '14 at 20:27
-
Have you tried disabling SSL2 and 3 via the registry? I know it's an outgoing connection, but... https://technet.microsoft.com/en-us/library/security/3009008.aspx – Katherine Villyard Nov 19 '14 at 20:40
-
What is the underlying Java version, James? I may have an answer for you. – Mark A Kruger Nov 19 '14 at 21:22
-
Those have been disabled for both SSL2 and 3. Server entries have "DisabledByDefault" set to 1 and "Enabled" set to 0. Client entries have only "DisabledByDefault" set to 1. – JamesS Nov 19 '14 at 21:28
-
The server I'm testing on has Java 6 (jre 1.6.0_29) – JamesS Nov 19 '14 at 21:30
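
A diagnostic for the question the comments circle around, namely which protocols the JVM behind CFLDAP offers on outgoing connections. This is an added example, not code posted by anyone in the thread: the class name `OutboundTlsProbe` is hypothetical, and the LDAPS host and port are assumed to be supplied by the operator as arguments. It uses only `javax.net.ssl` calls available from Java 6 onward.

```java
import java.util.Arrays;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocket;

// Added diagnostic (hypothetical class name), not from the thread.
// Compile and run it with the same JRE that ColdFusion uses.
public class OutboundTlsProbe {

    // Protocols the JVM's default SSLContext enables on client sockets.
    static String[] defaultClientProtocols() throws Exception {
        return SSLContext.getDefault().getDefaultSSLParameters().getProtocols();
    }

    // Protocols the JVM could use if they were explicitly enabled.
    static String[] supportedProtocols() throws Exception {
        return SSLContext.getDefault().getSupportedSSLParameters().getProtocols();
    }

    // Handshake with only one protocol enabled; returns what was negotiated.
    static String handshake(String host, int port, String protocol) throws Exception {
        SSLSocket s = (SSLSocket) SSLContext.getDefault()
                .getSocketFactory().createSocket(host, port);
        try {
            s.setEnabledProtocols(new String[] { protocol });
            // Throws an SSLException if the server refuses the protocol
            // or its certificate is not in the JVM trust store.
            s.startHandshake();
            return s.getSession().getProtocol();
        } finally {
            s.close();
        }
    }

    public static void main(String[] args) throws Exception {
        System.out.println("Supported:          " + Arrays.toString(supportedProtocols()));
        System.out.println("Enabled by default: " + Arrays.toString(defaultClientProtocols()));
        if (args.length == 2) {
            // args[0] = LDAPS host, args[1] = port, both supplied by the operator
            String negotiated = handshake(args[0], Integer.parseInt(args[1]), "TLSv1");
            System.out.println("Negotiated with only TLSv1 enabled: " + negotiated);
        }
    }
}
```

Run without arguments it only lists the JVM's protocol sets and needs no network access; with a host and port it attempts a TLSv1-only handshake, which pairs with the Wireshark capture suggested above.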