Difference between revisions of "TLS 1.2 Client Support"
(→ColdFusion) |
(Java 6 TLSv1.2 support correction.) |
||
Line 12: | Line 12: | ||
! style="text-align: center;" | TLS 1.2 Support | ! style="text-align: center;" | TLS 1.2 Support | ||
|- | |- | ||
− | | style="text-align: center;" | | + | | style="text-align: center;" | 6 and earlier |
| style="text-align: center; background-color: Red;" | Not Supported | | style="text-align: center; background-color: Red;" | Not Supported | ||
|- | |- | ||
− | | style="text-align: center;" | | + | | style="text-align: center;" | Java 7 |
| style="text-align: center; background-color: Yellow;" | Supported with | | style="text-align: center; background-color: Yellow;" | Supported with | ||
changes | changes |
Latest revision as of 17:10, 1 March 2018
Wiki for tracking which scripting engines support TLS 1.2 HTTP clients and instructions on how to enable support by changing version, running command, etc.
Contents
PHP (Coming Soon)
ColdFusion
Which versions of Java support TLS 1.2?
Java Version | TLS 1.2 Support |
---|---|
6 and earlier | Not Supported |
Java 7 | Supported with
changes |
Java 8 | Supported |
Note that it's usually best to simply upgrade to Java 8.
Which version of Java does ColdFusion use?
See below for a table of the default Java version for each supported version of ColdFusion
ColdFusion Version | Default Java Version |
---|---|
ColdFusion 10 | Java 6 |
ColdFusion 11 | Java 7 |
ColdFusion 2016 | Java 8 |
You can determine exactly which version of Java you're using with the below code.
<cfoutput>#CreateObject("java", "java.lang.System").getProperty("java.version")#</cfoutput>
The output of this command should look like 1.7.0_51
. In this example, the Java version being used is Java 7 update 51.
On our shared servers, reach out to our support team if you have any questions regarding whether your site is ready for TLS 1.2. Most of our shared servers are already using Java 8, and we're upgrading the rest of them. We intend to have the upgrades done before any TLS 1.2 deadlines.
VPS Hosting
Java 5 and earlier
Please let our support team know that you would like your JVM upgraded to Java 8. Note that a major Java upgrade in ColdFusion requires a few changes that aren't well documented.
Java 6 or Java 7
TLSv1.2 can be enabled with an additional java argument in your jvm.config.
-Dhttps.protocols=TLSv1,TLSv1.1,TLSv1.2
This argument will allow ColdFusion to use TLSv1.2, and will keep TLSv1 and TLSv1.1 available for communication with servers that don't yet support TLSv1.2.
Note that it's usually best to simply upgrade to Java 8.
Java 8
Java 8 supports TLS 1.2 without any changes.
ASP.Net
Framework Version | TLS 1.2 Support |
---|---|
2.0-3.5 | Not Supported |
4.0-4.5 | Supported with
changes |
4.6 | Supported |
Framework 2.0-3.5
No TLS 1.2 support. You must update to at least framework version 4.0
Framework 4.0
For ASP.Net 4.0, you can use either of the following two methods to enable TLS 1.2 support:
NOTE: .Net Framework 4.5 or above must be installed for this to work. However, your application can still target Framework 4.0.
- Method one - per application support
C# Code:
System.Net.ServicePointManager.SecurityProtocol |=
(SecurityProtocolType)768 | (SecurityProtocolType)3072;
- Method two - server-wide support via registry change - All of our
shared servers have this enabled
UseStrongCrypto.reg file
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319] "SchUseStrongCrypto"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v4.0.30319]
"SchUseStrongCrypto"=dword:00000001
OR
Command Prompt (cmd): reg add HKLM\SOFTWARE\Microsoft\.NETFramework\v4.0.30319 /v SchUseStrongCrypto /t REG_DWORD /d 1 reg add HKLM\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v4.0.30319 /v SchUseStrongCrypto /t REG_DWORD /d 1
OR
PowerShell: Set-ItemProperty -Path HKLM:\SOFTWARE\Microsoft\.NETFramework\v4.0.30319 -Name SchUseStrongCrypto -Value 1 Set-ItemProperty -Path HKLM:\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v4.0.30319 -Name SchUseStrongCrypto -Value 1
Framework 4.5
For ASP.Net 4.5, you can use either of the following two methods to enable TLS 1.2 support:
- Method one - per application support
C# Code:
System.Net.ServicePointManager.SecurityProtocol |=
System.Net.SecurityProtocolType.Tls11 |
System.Net.SecurityProtocolType.Tls12;
- Method two - server-wide support via registry change - All of our
shared servers have this enabled
UseStrongCrypto.reg file
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319] "SchUseStrongCrypto"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v4.0.30319]
"SchUseStrongCrypto"=dword:00000001
OR
Command Prompt (cmd): reg add HKLM\SOFTWARE\Microsoft\.NETFramework\v4.0.30319 /v SchUseStrongCrypto /t REG_DWORD /d 1 reg add HKLM\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v4.0.30319 /v SchUseStrongCrypto /t REG_DWORD /d 1
OR
PowerShell: Set-ItemProperty -Path HKLM:\SOFTWARE\Microsoft\.NETFramework\v4.0.30319 -Name SchUseStrongCrypto -Value 1 Set-ItemProperty -Path HKLM:\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v4.0.30319 -Name SchUseStrongCrypto -Value 1
Framework 4.6
ASP.Net 4.6 supports TLS 1.2 without any changes.