Cfhttp clientcert using tls 1.2

Hi All

I have a case where I need to do a https call using a client cert, at first
this did not work at all until I have across the below fix

https://luceeserver.atlassian.net/browse/LDEV-469

So I tried the same code on the latest beta
(lucee-express-5.0.0.178-BETA.zip) this helped some however I have an issue
with the tls version, the reply from the remote server is:
{ “error_name” : “outdated_tls”, “error_advice”: “We require the use of
TLSv1.2 or greater for secure communication with our Real-time Listings
Service. Your request used TLSv1” }

I tried adding this to JAVA_OPTS -Dhttps.protocols=TLSv1.2 but it made no
difference, is there another way to set the TLS version? the pull request
in the above link seems to hard code the version at “TLSv1”

Regards

GX

Upgrade the version of Java to 1.8 seems to be the common answer.

regards

Mark Drew> On 26 Feb 2016, at 07:23, @mailme.gx wrote:

Hi All

I have a case where I need to do a https call using a client cert, at first this did not work at all until I have across the below fix

https://luceeserver.atlassian.net/browse/LDEV-469

So I tried the same code on the latest beta (lucee-express-5.0.0.178-BETA.zip) this helped some however I have an issue with the tls version, the reply from the remote server is:
{ “error_name” : “outdated_tls”, “error_advice”: “We require the use of TLSv1.2 or greater for secure communication with our Real-time Listings Service. Your request used TLSv1” }

I tried adding this to JAVA_OPTS -Dhttps.protocols=TLSv1.2 but it made no difference, is there another way to set the TLS version? the pull request in the above link seems to hard code the version at “TLSv1”

Regards

GX


Love Lucee? Become a supporter and be part of the Lucee project today! - http://lucee.org/supporters/become-a-supporter.html http://lucee.org/supporters/become-a-supporter.html

You received this message because you are subscribed to the Google Groups “Lucee” group.
To unsubscribe from this group and stop receiving emails from it, send an email to lucee+unsubscribe@googlegroups.com mailto:lucee+unsubscribe@googlegroups.com.
To post to this group, send email to lucee@googlegroups.com mailto:lucee@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/lucee/b9d8c704-24c2-408b-98b3-7f31a85edd44%40googlegroups.com https://groups.google.com/d/msgid/lucee/b9d8c704-24c2-408b-98b3-7f31a85edd44%40googlegroups.com?utm_medium=email&utm_source=footer.
For more options, visit https://groups.google.com/d/optout https://groups.google.com/d/optout.

Hi Mark

I upgreaded my java version and the results are the same
I ran the following to check the correct java is being used

<cfset sVars.info = CreateObject(“java”,
“java.lang.System”).getProperty(“java.runtime.version”) />

It shows version is definatley 1.8.0_73-b02

Regards

GXOn Friday, 26 February 2016 14:05:34 UTC+2, Mark Drew wrote:

Upgrade the version of Java to 1.8 seems to be the common answer.

regards

Mark Drew

On 26 Feb 2016, at 07:23, mail...@gmail.com <javascript:> wrote:

Hi All

I have a case where I need to do a https call using a client cert, at
first this did not work at all until I have across the below fix

https://luceeserver.atlassian.net/browse/LDEV-469

So I tried the same code on the latest beta
(lucee-express-5.0.0.178-BETA.zip) this helped some however I have an issue
with the tls version, the reply from the remote server is:
{ “error_name” : “outdated_tls”, “error_advice”: “We require the use of
TLSv1.2 or greater for secure communication with our Real-time Listings
Service. Your request used TLSv1” }

I tried adding this to JAVA_OPTS -Dhttps.protocols=TLSv1.2 but it made no
difference, is there another way to set the TLS version? the pull request
in the above link seems to hard code the version at “TLSv1”

Regards

GX


Love Lucee? Become a supporter and be part of the Lucee project today! -
http://lucee.org/supporters/become-a-supporter.html

You received this message because you are subscribed to the Google Groups
“Lucee” group.
To unsubscribe from this group and stop receiving emails from it, send an
email to lucee+un...@googlegroups.com <javascript:>.
To post to this group, send email to lu...@googlegroups.com <javascript:>.
To view this discussion on the web visit
https://groups.google.com/d/msgid/lucee/b9d8c704-24c2-408b-98b3-7f31a85edd44%40googlegroups.com
https://groups.google.com/d/msgid/lucee/b9d8c704-24c2-408b-98b3-7f31a85edd44%40googlegroups.com?utm_medium=email&utm_source=footer
.
For more options, visit https://groups.google.com/d/optout.

This is the
problem: https://github.com/lucee/Lucee/blob/affb0dd1b9ac87473655a49d4c0fb007559025d5/core/src/main/java/lucee/commons/net/http/httpclient4/HTTPEngine4Impl.java#L356

I’ve created a pull request to fix
this: https://github.com/lucee/Lucee/pull/13

I also have this fix in my local Lucee 4.5 if you’re interested.On Friday, February 26, 2016 at 3:29:14 PM UTC+1, mail...@gmail.com wrote:

another confusing this is the httpclinet library

the lucee 4.5 versions file states tghat
apache-jakarta-commons-httpclient.jar is version 3.0.1

the 5 beta jar filename is
commons-httpclient-3.1.jar

if I search google for “apache-jakarta-commons-httpclient” the first
result is this page: http://hc.apache.org/httpclient-3.x/ this hst been
updated since 2011 and has a notice

End of life

The Commons HttpClient project is now end of life, and is no longer being
developed. It has been replaced by the Apache HttpComponents
http://hc.apache.org/ project in its HttpClient
http://hc.apache.org/httpcomponents-client-ga and HttpCore
http://hc.apache.org/httpcomponents-core-ga/ modules, which offer
better performance and more flexibility.

the latest stable is 4.5 - what joy.I was looking for a example on how to
make a request to a https tls1.2 using a pkcs12 cert or a pem and crt file
but most examples dont match the httpclient version they are more up to
date

GX

On Friday, 26 February 2016 15:56:44 UTC+2, mail...@gmail.com wrote:

Hi Mark

I upgreaded my java version and the results are the same
I ran the following to check the correct java is being used

<cfset sVars.info = CreateObject(“java”,
“java.lang.System”).getProperty(“java.runtime.version”) />

It shows version is definatley 1.8.0_73-b02

Regards

GX

On Friday, 26 February 2016 14:05:34 UTC+2, Mark Drew wrote:

Upgrade the version of Java to 1.8 seems to be the common answer.

regards

Mark Drew

On 26 Feb 2016, at 07:23, mail...@gmail.com wrote:

Hi All

I have a case where I need to do a https call using a client cert, at
first this did not work at all until I have across the below fix

https://luceeserver.atlassian.net/browse/LDEV-469

So I tried the same code on the latest beta
(lucee-express-5.0.0.178-BETA.zip) this helped some however I have an issue
with the tls version, the reply from the remote server is:
{ “error_name” : “outdated_tls”, “error_advice”: “We require the use of
TLSv1.2 or greater for secure communication with our Real-time Listings
Service. Your request used TLSv1” }

I tried adding this to JAVA_OPTS -Dhttps.protocols=TLSv1.2 but it made
no difference, is there another way to set the TLS version? the pull
request in the above link seems to hard code the version at “TLSv1”

Regards

GX


Love Lucee? Become a supporter and be part of the Lucee project today! -
http://lucee.org/supporters/become-a-supporter.html

You received this message because you are subscribed to the Google
Groups “Lucee” group.
To unsubscribe from this group and stop receiving emails from it, send
an email to lucee+un...@googlegroups.com.
To post to this group, send email to lu...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/lucee/b9d8c704-24c2-408b-98b3-7f31a85edd44%40googlegroups.com
https://groups.google.com/d/msgid/lucee/b9d8c704-24c2-408b-98b3-7f31a85edd44%40googlegroups.com?utm_medium=email&utm_source=footer
.
For more options, visit https://groups.google.com/d/optout.

Here is a patched 4.5.2.018. Just replace this in your lucee-server/patches
folder and restart Lucee

https://dl.dropboxusercontent.com/u/4767772/4.5.2.018.lcoOn Wednesday, March 2, 2016 at 5:54:11 AM UTC+1, mail...@gmail.com wrote:

Thanks Jonathan, That’s Great

If possible I would like to try either version too see if I can get this
to work because now I am resorting to using command line curl.

GX

On Tuesday, 1 March 2016 19:42:42 UTC+2, Jonathan van Zuijlekom wrote:

This is the problem:
https://github.com/lucee/Lucee/blob/affb0dd1b9ac87473655a49d4c0fb007559025d5/core/src/main/java/lucee/commons/net/http/httpclient4/HTTPEngine4Impl.java#L356

I’ve created a pull request to fix this:
https://github.com/lucee/Lucee/pull/13

I also have this fix in my local Lucee 4.5 if you’re interested.

On Friday, February 26, 2016 at 3:29:14 PM UTC+1, mail...@gmail.com wrote:

another confusing this is the httpclinet library

the lucee 4.5 versions file states tghat
apache-jakarta-commons-httpclient.jar is version 3.0.1

the 5 beta jar filename is
commons-httpclient-3.1.jar

if I search google for “apache-jakarta-commons-httpclient” the first
result is this page: http://hc.apache.org/httpclient-3.x/ this hst been
updated since 2011 and has a notice

End of life

The Commons HttpClient project is now end of life, and is no longer
being developed. It has been replaced by the Apache HttpComponents
http://hc.apache.org/ project in its HttpClient
http://hc.apache.org/httpcomponents-client-ga and HttpCore
http://hc.apache.org/httpcomponents-core-ga/ modules, which offer
better performance and more flexibility.

the latest stable is 4.5 - what joy.I was looking for a example on how
to make a request to a https tls1.2 using a pkcs12 cert or a pem and crt
file but most examples dont match the httpclient version they are more up
to date

GX

On Friday, 26 February 2016 15:56:44 UTC+2, mail...@gmail.com wrote:

Hi Mark

I upgreaded my java version and the results are the same
I ran the following to check the correct java is being used

<cfset sVars.info = CreateObject(“java”,
“java.lang.System”).getProperty(“java.runtime.version”) />

It shows version is definatley 1.8.0_73-b02

Regards

GX

On Friday, 26 February 2016 14:05:34 UTC+2, Mark Drew wrote:

Upgrade the version of Java to 1.8 seems to be the common answer.

regards

Mark Drew

On 26 Feb 2016, at 07:23, mail...@gmail.com wrote:

Hi All

I have a case where I need to do a https call using a client cert, at
first this did not work at all until I have across the below fix

https://luceeserver.atlassian.net/browse/LDEV-469

So I tried the same code on the latest beta
(lucee-express-5.0.0.178-BETA.zip) this helped some however I have an issue
with the tls version, the reply from the remote server is:
{ “error_name” : “outdated_tls”, “error_advice”: “We require the use
of TLSv1.2 or greater for secure communication with our Real-time Listings
Service. Your request used TLSv1” }

I tried adding this to JAVA_OPTS -Dhttps.protocols=TLSv1.2 but it
made no difference, is there another way to set the TLS version? the pull
request in the above link seems to hard code the version at “TLSv1”

Regards

GX


Love Lucee? Become a supporter and be part of the Lucee project today!


You received this message because you are subscribed to the Google
Groups “Lucee” group.
To unsubscribe from this group and stop receiving emails from it, send
an email to lucee+un...@googlegroups.com.
To post to this group, send email to lu...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/lucee/b9d8c704-24c2-408b-98b3-7f31a85edd44%40googlegroups.com
https://groups.google.com/d/msgid/lucee/b9d8c704-24c2-408b-98b3-7f31a85edd44%40googlegroups.com?utm_medium=email&utm_source=footer
.
For more options, visit https://groups.google.com/d/optout.

Hi Jonathan

Thanks a ton that worked for me

GXOn Wednesday, 2 March 2016 13:20:19 UTC+2, Jonathan van Zuijlekom wrote:

Here is a patched 4.5.2.018. Just replace this in your
lucee-server/patches folder and restart Lucee

https://dl.dropboxusercontent.com/u/4767772/4.5.2.018.lco

On Wednesday, March 2, 2016 at 5:54:11 AM UTC+1, mail...@gmail.com wrote:

Thanks Jonathan, That’s Great

If possible I would like to try either version too see if I can get this
to work because now I am resorting to using command line curl.

GX

On Tuesday, 1 March 2016 19:42:42 UTC+2, Jonathan van Zuijlekom wrote:

This is the problem:
https://github.com/lucee/Lucee/blob/affb0dd1b9ac87473655a49d4c0fb007559025d5/core/src/main/java/lucee/commons/net/http/httpclient4/HTTPEngine4Impl.java#L356

I’ve created a pull request to fix this:
https://github.com/lucee/Lucee/pull/13

I also have this fix in my local Lucee 4.5 if you’re interested.

On Friday, February 26, 2016 at 3:29:14 PM UTC+1, mail...@gmail.com wrote:

another confusing this is the httpclinet library

the lucee 4.5 versions file states tghat
apache-jakarta-commons-httpclient.jar is version 3.0.1

the 5 beta jar filename is
commons-httpclient-3.1.jar

if I search google for “apache-jakarta-commons-httpclient” the first
result is this page: http://hc.apache.org/httpclient-3.x/ this hst
been updated since 2011 and has a notice

End of life

The Commons HttpClient project is now end of life, and is no longer
being developed. It has been replaced by the Apache HttpComponents
http://hc.apache.org/ project in its HttpClient
http://hc.apache.org/httpcomponents-client-ga and HttpCore
http://hc.apache.org/httpcomponents-core-ga/ modules, which offer
better performance and more flexibility.

the latest stable is 4.5 - what joy.I was looking for a example on how
to make a request to a https tls1.2 using a pkcs12 cert or a pem and crt
file but most examples dont match the httpclient version they are more up
to date

GX

On Friday, 26 February 2016 15:56:44 UTC+2, mail...@gmail.com wrote:

Hi Mark

I upgreaded my java version and the results are the same
I ran the following to check the correct java is being used

<cfset sVars.info = CreateObject(“java”,
“java.lang.System”).getProperty(“java.runtime.version”) />

It shows version is definatley 1.8.0_73-b02

Regards

GX

On Friday, 26 February 2016 14:05:34 UTC+2, Mark Drew wrote:

Upgrade the version of Java to 1.8 seems to be the common answer.

regards

Mark Drew

On 26 Feb 2016, at 07:23, mail...@gmail.com wrote:

Hi All

I have a case where I need to do a https call using a client cert, at
first this did not work at all until I have across the below fix

https://luceeserver.atlassian.net/browse/LDEV-469

So I tried the same code on the latest beta
(lucee-express-5.0.0.178-BETA.zip) this helped some however I have an issue
with the tls version, the reply from the remote server is:
{ “error_name” : “outdated_tls”, “error_advice”: “We require the use
of TLSv1.2 or greater for secure communication with our Real-time Listings
Service. Your request used TLSv1” }

I tried adding this to JAVA_OPTS -Dhttps.protocols=TLSv1.2 but it
made no difference, is there another way to set the TLS version? the pull
request in the above link seems to hard code the version at “TLSv1”

Regards

GX


Love Lucee? Become a supporter and be part of the Lucee project
today! - http://lucee.org/supporters/become-a-supporter.html

You received this message because you are subscribed to the Google
Groups “Lucee” group.
To unsubscribe from this group and stop receiving emails from it,
send an email to lucee+un...@googlegroups.com.
To post to this group, send email to lu...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/lucee/b9d8c704-24c2-408b-98b3-7f31a85edd44%40googlegroups.com
https://groups.google.com/d/msgid/lucee/b9d8c704-24c2-408b-98b3-7f31a85edd44%40googlegroups.com?utm_medium=email&utm_source=footer
.
For more options, visit https://groups.google.com/d/optout.

Thanks Jonathan, That’s Great

If possible I would like to try either version too see if I can get this to
work because now I am resorting to using command line curl.

GXOn Tuesday, 1 March 2016 19:42:42 UTC+2, Jonathan van Zuijlekom wrote:

This is the problem:
https://github.com/lucee/Lucee/blob/affb0dd1b9ac87473655a49d4c0fb007559025d5/core/src/main/java/lucee/commons/net/http/httpclient4/HTTPEngine4Impl.java#L356

I’ve created a pull request to fix this:
https://github.com/lucee/Lucee/pull/13

I also have this fix in my local Lucee 4.5 if you’re interested.

On Friday, February 26, 2016 at 3:29:14 PM UTC+1, mail...@gmail.com wrote:

another confusing this is the httpclinet library

the lucee 4.5 versions file states tghat
apache-jakarta-commons-httpclient.jar is version 3.0.1

the 5 beta jar filename is
commons-httpclient-3.1.jar

if I search google for “apache-jakarta-commons-httpclient” the first
result is this page: http://hc.apache.org/httpclient-3.x/ this hst been
updated since 2011 and has a notice

End of life

The Commons HttpClient project is now end of life, and is no longer being
developed. It has been replaced by the Apache HttpComponents
http://hc.apache.org/ project in its HttpClient
http://hc.apache.org/httpcomponents-client-ga and HttpCore
http://hc.apache.org/httpcomponents-core-ga/ modules, which offer
better performance and more flexibility.

the latest stable is 4.5 - what joy.I was looking for a example on how to
make a request to a https tls1.2 using a pkcs12 cert or a pem and crt file
but most examples dont match the httpclient version they are more up to
date

GX

On Friday, 26 February 2016 15:56:44 UTC+2, mail...@gmail.com wrote:

Hi Mark

I upgreaded my java version and the results are the same
I ran the following to check the correct java is being used

<cfset sVars.info = CreateObject(“java”,
“java.lang.System”).getProperty(“java.runtime.version”) />

It shows version is definatley 1.8.0_73-b02

Regards

GX

On Friday, 26 February 2016 14:05:34 UTC+2, Mark Drew wrote:

Upgrade the version of Java to 1.8 seems to be the common answer.

regards

Mark Drew

On 26 Feb 2016, at 07:23, mail...@gmail.com wrote:

Hi All

I have a case where I need to do a https call using a client cert, at
first this did not work at all until I have across the below fix

https://luceeserver.atlassian.net/browse/LDEV-469

So I tried the same code on the latest beta
(lucee-express-5.0.0.178-BETA.zip) this helped some however I have an issue
with the tls version, the reply from the remote server is:
{ “error_name” : “outdated_tls”, “error_advice”: “We require the use of
TLSv1.2 or greater for secure communication with our Real-time Listings
Service. Your request used TLSv1” }

I tried adding this to JAVA_OPTS -Dhttps.protocols=TLSv1.2 but it made
no difference, is there another way to set the TLS version? the pull
request in the above link seems to hard code the version at “TLSv1”

Regards

GX


Love Lucee? Become a supporter and be part of the Lucee project today!


You received this message because you are subscribed to the Google
Groups “Lucee” group.
To unsubscribe from this group and stop receiving emails from it, send
an email to lucee+un...@googlegroups.com.
To post to this group, send email to lu...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/lucee/b9d8c704-24c2-408b-98b3-7f31a85edd44%40googlegroups.com
https://groups.google.com/d/msgid/lucee/b9d8c704-24c2-408b-98b3-7f31a85edd44%40googlegroups.com?utm_medium=email&utm_source=footer
.
For more options, visit https://groups.google.com/d/optout.

Is this fixed in 4.5.3.018 ?On Friday, 26 February 2016 18:23:39 UTC+11, mail...@gmail.com wrote:

Hi All

I have a case where I need to do a https call using a client cert, at
first this did not work at all until I have across the below fix

https://luceeserver.atlassian.net/browse/LDEV-469

So I tried the same code on the latest beta
(lucee-express-5.0.0.178-BETA.zip) this helped some however I have an issue
with the tls version, the reply from the remote server is:
{ “error_name” : “outdated_tls”, “error_advice”: “We require the use of
TLSv1.2 or greater for secure communication with our Real-time Listings
Service. Your request used TLSv1” }

I tried adding this to JAVA_OPTS -Dhttps.protocols=TLSv1.2 but it made no
difference, is there another way to set the TLS version? the pull request
in the above link seems to hard code the version at “TLSv1”

Regards

GX

YesOn Wednesday, June 22, 2016 at 2:59:48 AM UTC+2, Bill Tindal wrote:

Is this fixed in 4.5.3.018 ?

On Friday, 26 February 2016 18:23:39 UTC+11, mail...@gmail.com wrote:

Hi All

I have a case where I need to do a https call using a client cert, at
first this did not work at all until I have across the below fix

https://luceeserver.atlassian.net/browse/LDEV-469

So I tried the same code on the latest beta
(lucee-express-5.0.0.178-BETA.zip) this helped some however I have an issue
with the tls version, the reply from the remote server is:
{ “error_name” : “outdated_tls”, “error_advice”: “We require the use of
TLSv1.2 or greater for secure communication with our Real-time Listings
Service. Your request used TLSv1” }

I tried adding this to JAVA_OPTS -Dhttps.protocols=TLSv1.2 but it made
no difference, is there another way to set the TLS version? the pull
request in the above link seems to hard code the version at “TLSv1”

Regards

GX