portal entry

select a category, or use search below
(searches all categories and all time range)

USPS Shipping API Ending TLS 1.1 and TLS 1.0 Support, is your ColdFusion Server Ready?

| View in Portal
May 16, 2018 04:55:04 PM GMT
<p>At CF Webtools we recently went through a round of server upgrades to handle the Authorize.net ending support for older TLS versions. Now USPS, United State Postal Service, is doing the same thing with their Shipping APIs. This is going to be happening for all API’s and most likely all this year as PCI requirements for ending support for TLS 1.1 and older at the end of June 2018. This is according to the PCI Security Standards Council. USPS will […]</p>
<p>The post <a rel="nofollow" href="https://coldfusion.adobe.com/2018/05/usps-shipping-api-ending-tls-1-1-and-tls-1-0-support-is-your-coldfusion-server-ready/">USPS Shipping API Ending TLS 1.1 and TLS 1.0 Support, is your ColdFusion Server Ready?</a> appeared first on <a rel="nofollow" href="https://coldfusion.adobe.com">ColdFusion</a>.</p>
Labels: Blog, cfhttp, ColdFusion, security, ssl, tls 1.2


Linux is fine, I assume as you don't mention it.
Comment by Tom Chiverton
26 | May 10, 2018 10:31:38 AM GMT
Hey, Wil, good stuff. One problem: you refer to a blog post where you said you had a table of SSL/TLS versions supported by CF, but the link (the href) is currently empty. Did you mean this post: https://www.coldfusionmuse.com/index.cfm/2014/12/8/colfusion-jvm-versions-sslv3-tls Note that the same issue is true on the copy of this blog post on your site, also, so you’ll want to fix it in both places. Finally, I just added a pointer to this post in a blog post of my own I just made today, on the question of CF support of Java 9, 10, or 11. More at http://www.carehart.org/blog/client/index.cfm/2018/5/9/on_coldfusion_and_its_support_for_Java_9_10_and_11.
Comment by Charlie Arehart
24 | May 10, 2018 04:08:15 PM GMT
Not really. Older Linux versions that are not updated may not work with TLS 1.2. Additionally Java 1.7 with any ColdFusion version is not going to work with TLS 1.2.
Comment by Wil Genovese
23 | May 10, 2018 05:03:35 PM GMT
Netsuite just turned off sub-1.2 as well.
Comment by Mark Gregory
11 | May 16, 2018 02:16:00 PM GMT
Everyone that wants/needs to be PCI compliant will be disable older TLS and SSL. It's a TLS 1.2+ world!
Comment by Wil Genovese
10 | May 17, 2018 06:20:42 PM GMT
Thanks - fixed
Comment by Wil Genovese
9 | May 18, 2018 08:39:30 PM GMT