Difference between revisions of "TLS 1.2 Client Support"

From Hostek.com Wiki
Jump to: navigation, search
(Created page with "__FORCETOC__ Wiki for tracking which scripting engines support TLS 1.2 HTTP clients and instructions on how to enable support by changing version, running command, etc. ==P...")
 
(Java 6 TLSv1.2 support correction.)
 
(One intermediate revision by the same user not shown)
Line 6: Line 6:
 
==PHP (Coming Soon)==
 
==PHP (Coming Soon)==
  
==ColdFusion (Coming Soon)==
+
==ColdFusion==
 +
===Which versions of Java support TLS 1.2?===
 +
{| class="wikitable"
 +
! style="text-align: center;" | Java Version
 +
! style="text-align: center;" | TLS 1.2 Support
 +
|-
 +
| style="text-align: center;" | 6 and earlier
 +
| style="text-align: center; background-color: Red;" | Not Supported
 +
|-
 +
| style="text-align: center;" | Java 7
 +
| style="text-align: center; background-color: Yellow;" | Supported with
 +
changes
 +
|-
 +
| style="text-align: center;" | Java 8
 +
| style="text-align: center; background-color: Green;" | Supported
 +
|}
 +
'''Note that it's usually best to simply upgrade to Java 8.'''
  
 +
===Which version of Java does ColdFusion use?===
 +
See below for a table of the default Java version for each supported version of ColdFusion
  
 +
{| class="wikitable"
 +
! style="text-align: center;" | ColdFusion Version
 +
! style="text-align: center;" | Default Java Version
 +
|-
 +
| style="text-align: center;" | ColdFusion 10
 +
| style="text-align: center;" | Java 6
 +
|-
 +
| style="text-align: center;" | ColdFusion 11
 +
| style="text-align: center;" | Java 7
 +
|-
 +
| style="text-align: center;" | ColdFusion 2016
 +
| style="text-align: center;" | Java 8
 +
|}
 +
 +
You can determine exactly which version of Java you're using with the below code. <br />
 +
<syntaxhighlight lang="cfm">
 +
<cfoutput>#CreateObject("java", "java.lang.System").getProperty("java.version")#</cfoutput>
 +
</syntaxhighlight>
 +
The output of this command should look like <code>1.7.0_51</code>. In this example, the Java version being used is Java 7 update 51.
 +
 +
===Shared Hosting===
 +
On our shared servers, reach out to our support team if you have any questions regarding whether your site is ready for TLS 1.2. Most of our shared servers are already using Java 8, and we're upgrading the rest of them. We intend to have the upgrades done before any TLS 1.2 deadlines.
 +
 +
===VPS Hosting===
 +
====Java 5 and earlier====
 +
Please let our support team know that you would like your JVM upgraded to Java 8. Note that a major Java upgrade in ColdFusion requires a few changes that aren't well documented.
 +
 +
====Java 6 or Java 7====
 +
TLSv1.2 can be enabled with an additional java argument in your jvm.config. <br />
 +
<code>-Dhttps.protocols=TLSv1,TLSv1.1,TLSv1.2</code> <br />
 +
This argument will allow ColdFusion to use TLSv1.2, and will keep TLSv1 and TLSv1.1 available for communication with servers that don't yet support TLSv1.2.
 +
 +
'''Note that it's usually best to simply upgrade to Java 8.'''
 +
 +
====Java 8====
 +
Java 8 supports TLS 1.2 without any changes.
  
 
==ASP.Net==
 
==ASP.Net==

Latest revision as of 12:10, 1 March 2018

Wiki for tracking which scripting engines support TLS 1.2 HTTP clients and instructions on how to enable support by changing version, running command, etc.

PHP (Coming Soon)

ColdFusion

Which versions of Java support TLS 1.2?

Java Version TLS 1.2 Support
6 and earlier Not Supported
Java 7 Supported with

changes

Java 8 Supported

Note that it's usually best to simply upgrade to Java 8.

Which version of Java does ColdFusion use?

See below for a table of the default Java version for each supported version of ColdFusion

ColdFusion Version Default Java Version
ColdFusion 10 Java 6
ColdFusion 11 Java 7
ColdFusion 2016 Java 8

You can determine exactly which version of Java you're using with the below code.

<cfoutput>#CreateObject("java", "java.lang.System").getProperty("java.version")#</cfoutput>

The output of this command should look like 1.7.0_51. In this example, the Java version being used is Java 7 update 51.

Shared Hosting

On our shared servers, reach out to our support team if you have any questions regarding whether your site is ready for TLS 1.2. Most of our shared servers are already using Java 8, and we're upgrading the rest of them. We intend to have the upgrades done before any TLS 1.2 deadlines.

VPS Hosting

Java 5 and earlier

Please let our support team know that you would like your JVM upgraded to Java 8. Note that a major Java upgrade in ColdFusion requires a few changes that aren't well documented.

Java 6 or Java 7

TLSv1.2 can be enabled with an additional java argument in your jvm.config.
-Dhttps.protocols=TLSv1,TLSv1.1,TLSv1.2
This argument will allow ColdFusion to use TLSv1.2, and will keep TLSv1 and TLSv1.1 available for communication with servers that don't yet support TLSv1.2.

Note that it's usually best to simply upgrade to Java 8.

Java 8

Java 8 supports TLS 1.2 without any changes.

ASP.Net

Framework Version TLS 1.2 Support
2.0-3.5 Not Supported
4.0-4.5 Supported with

changes

4.6 Supported

Framework 2.0-3.5

No TLS 1.2 support. You must update to at least framework version 4.0


Framework 4.0

For ASP.Net 4.0, you can use either of the following two methods to enable TLS 1.2 support:

NOTE: .Net Framework 4.5 or above must be installed for this to work. However, your application can still target Framework 4.0.


  • Method one - per application support


C# Code: System.Net.ServicePointManager.SecurityProtocol |= (SecurityProtocolType)768 | (SecurityProtocolType)3072;

  • Method two - server-wide support via registry change - All of our

shared servers have this enabled


UseStrongCrypto.reg file Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319] "SchUseStrongCrypto"=dword:00000001


[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v4.0.30319] "SchUseStrongCrypto"=dword:00000001

OR

Command Prompt (cmd): reg add HKLM\SOFTWARE\Microsoft\.NETFramework\v4.0.30319 /v SchUseStrongCrypto /t REG_DWORD /d 1 reg add HKLM\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v4.0.30319 /v SchUseStrongCrypto /t REG_DWORD /d 1

OR

PowerShell: Set-ItemProperty -Path HKLM:\SOFTWARE\Microsoft\.NETFramework\v4.0.30319 -Name SchUseStrongCrypto -Value 1 Set-ItemProperty -Path HKLM:\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v4.0.30319 -Name SchUseStrongCrypto -Value 1


Framework 4.5

For ASP.Net 4.5, you can use either of the following two methods to enable TLS 1.2 support:

  • Method one - per application support


C# Code: System.Net.ServicePointManager.SecurityProtocol |= System.Net.SecurityProtocolType.Tls11 | System.Net.SecurityProtocolType.Tls12;

  • Method two - server-wide support via registry change - All of our

shared servers have this enabled


UseStrongCrypto.reg file Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319] "SchUseStrongCrypto"=dword:00000001


[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v4.0.30319] "SchUseStrongCrypto"=dword:00000001

OR

Command Prompt (cmd): reg add HKLM\SOFTWARE\Microsoft\.NETFramework\v4.0.30319 /v SchUseStrongCrypto /t REG_DWORD /d 1 reg add HKLM\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v4.0.30319 /v SchUseStrongCrypto /t REG_DWORD /d 1

OR

PowerShell: Set-ItemProperty -Path HKLM:\SOFTWARE\Microsoft\.NETFramework\v4.0.30319 -Name SchUseStrongCrypto -Value 1 Set-ItemProperty -Path HKLM:\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v4.0.30319 -Name SchUseStrongCrypto -Value 1


Framework 4.6

ASP.Net 4.6 supports TLS 1.2 without any changes.