cfhttp clientcert using tls 1.2


mail...@gmail.com

Feb 26, 2016, 2:23:39 AM
to Lucee
Hi All


I have a case where I need to do an https call using a client cert. At first this did not work at all, until I came across the below fix:

https://luceeserver.atlassian.net/browse/LDEV-469


So I tried the same code on the latest beta (lucee-express-5.0.0.178-BETA.zip). This helped some; however, I have an issue with the TLS version. The reply from the remote server is:
{ "error_name" : "outdated_tls", "error_advice": "We require the use of TLSv1.2 or greater for secure communication with our Real-time Listings Service. Your request used TLSv1" }

I tried adding this to JAVA_OPTS: -Dhttps.protocols=TLSv1.2, but it made no difference. Is there another way to set the TLS version? The pull request in the above link seems to hard code the version at "TLSv1".

Regards

GX

Mark Drew

Feb 26, 2016, 7:05:34 AM
to lucee
Upgrading the version of Java to 1.8 seems to be the common answer.

regards

Mark Drew


mail...@gmail.com

Feb 26, 2016, 8:56:44 AM
to Lucee
Hi Mark

I upgraded my Java version and the results are the same.
I ran the following to check that the correct Java is being used:

<cfset sVars.info = CreateObject("java", "java.lang.System").getProperty("java.runtime.version") />

It shows the version is definitely 1.8.0_73-b02

Regards

GX

mail...@gmail.com

Feb 26, 2016, 9:29:14 AM
to Lucee
Another confusing thing is the httpclient library.

The Lucee 4.5 versions file states that
apache-jakarta-commons-httpclient.jar is version 3.0.1

the 5 beta jar filename is
commons-httpclient-3.1.jar   


If I search Google for "apache-jakarta-commons-httpclient" the first result is this page: http://hc.apache.org/httpclient-3.x/ This hasn't been updated since 2011 and has a notice:

End of life

The Commons HttpClient project is now end of life, and is no longer being developed. It has been replaced by the Apache HttpComponents project in its HttpClient and HttpCore modules, which offer better performance and more flexibility.


The latest stable is 4.5 - what joy. I was looking for an example on how to make a request to an https TLS 1.2 endpoint using a pkcs12 cert or a pem and crt file, but most examples don't match the httpclient version; they are more up to date.

GX
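
The post above asks how a TLS 1.2 request with a PKCS#12 client certificate is set up, and the earlier one notes that -Dhttps.protocols made no difference. That system property is read by HttpsURLConnection; a hand-built socket factory offers whatever its SSLContext and enabled-protocol list allow. The following Java program is an added example, not code from this thread, from Lucee or from the patch in LDEV-469; the class name and the keystore path and password arguments are assumptions.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.util.Arrays;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocket;

public class Tls12ClientCert {

    // Context for the given protocol name; presents the client cert from a PKCS#12 file if one is given.
    static SSLContext contextFor(String protocol, String p12Path, char[] password) throws Exception {
        KeyManager[] keyManagers = null;               // null = no client certificate
        if (p12Path != null) {
            KeyStore ks = KeyStore.getInstance("PKCS12");
            try (InputStream in = new FileInputStream(p12Path)) {
                ks.load(in, password);
            }
            KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
            kmf.init(ks, password);
            keyManagers = kmf.getKeyManagers();
        }
        SSLContext ctx = SSLContext.getInstance(protocol);
        ctx.init(keyManagers, null, null);             // null = JVM default trust store and RNG
        return ctx;
    }

    // Protocol versions an unconnected client socket from this context would offer.
    static String[] offered(SSLContext ctx, String... pin) throws Exception {
        try (SSLSocket s = (SSLSocket) ctx.getSocketFactory().createSocket()) {
            if (pin.length > 0) {
                s.setEnabledProtocols(pin);            // restrict the handshake to these versions
            }
            return s.getEnabledProtocols();
        }
    }

    public static void main(String[] args) throws Exception {
        // Usage: java Tls12ClientCert [client.p12 [password]]  (both arguments are placeholders)
        String p12 = args.length > 0 ? args[0] : null;
        char[] pw = args.length > 1 ? args[1].toCharArray() : new char[0];

        System.out.println("TLSv1 context:   " + Arrays.toString(offered(contextFor("TLSv1", p12, pw))));
        SSLContext tls12 = contextFor("TLSv1.2", p12, pw);
        System.out.println("TLSv1.2 context: " + Arrays.toString(offered(tls12)));
        System.out.println("pinned to 1.2:   " + Arrays.toString(offered(tls12, "TLSv1.2")));
    }
}
```

Run without arguments it only compares the protocol lists and opens no connection; comparing the first two lines on the JVM that runs Lucee shows whether a factory built on a "TLSv1" context can offer TLSv1.2 at all.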

Jonathan van Zuijlekom

Mar 1, 2016, 12:42:42 PM
to Lucee

mail...@gmail.com

Mar 1, 2016, 11:54:11 PM
to Lucee
Thanks Jonathan, That's Great

If possible I would like to try either version to see if I can get this to work, because now I am resorting to using command line curl.

GX

Jonathan van Zuijlekom

Mar 2, 2016, 6:20:19 AM
to Lucee
Here is a patched 4.5.2.018. Just replace this in your lucee-server/patches folder and restart Lucee

mail...@gmail.com

Mar 2, 2016, 6:54:32 AM
to Lucee
Hi Jonathan

Thanks a ton that worked for me

GX

Bill Tindal

Jun 21, 2016, 8:59:48 PM
to Lucee
Is this fixed in 4.5.3.018?

Jonathan van Zuijlekom

Jun 24, 2016, 6:00:46 AM
to Lucee
Yes