tracker issue : CF-3035553

Title:

Bug 72392: (Watson Migration Closure) consistent syntax and support for TLS over all protocol tags

Status/Resolution/Reason: Closed/Withdrawn/

Reporter/Name(from Bugbase): Jochem van Dieten / Jochem van Dieten (Jochem van Dieten)

Created: 07/16/2008

Components: Security, SSL

Versions: 9.0

Failure Type: Unspecified

Found In Build/Fixed In Build: 0000 /

Priority/Frequency: Normal / Unknown

Locale/System: English / Platforms All

Vote Count: 5

Duplicate ID:	CF-3065830

Problem:

consistent syntax and support for TLS over all protocol tags

Currently the support for encrypting protocols in ColdFusion is 
inconsistent and weak. We can use TLS for http if we use the cfhttp tag, 
but not if we cfinvoke a webservice. We can use SSL to encrypt sending 
email, but not cfpop to encrypt receiving email. We can encrypt cfldap 
calls, but only as long as the server we are talking to is old enough to 
still have SSLv2 enabled (which is increasingly rare).
On top of that the syntax between tags is rather inconsistent. For 
cfhttp we have attributes to tell which client certificate to use while 
cfldap with CFSSL_CLIENT_AUTH does not give us that option. For cfmail 
we have to use the usessl attribute, for cfldap the secure attribute and 
for cfexchangeconnection the protocol attribute to indicate we want to 
encrypt it.


I'm sure the request to make all the missing combinations of protocol 
tags and encryption work is already somewhere in the bugtracker, but I 
would also like to see some syntax cleanup and standardization. I think 
all protocol tags should support SSLv3 and TLSv1 out of the box, and 
support SSLv2 if you provide the right JVM argument.
That means the following tags:
- cfexchangeconnection
- cfpop
- cfmail
- cfldap
- cfhttp
- cfinvoke
(I am not including cfftp because that isn't based on SSL.)

And the following attributes:
- clientCert: path to client certificate or variable that contains 
certificate
- clientCertPassword: client certificate password
- secure yes/no: whether to use SSL/TLS with a server certificate
- useTLS yes/no: for those protocols that first open the connection and 
then switch to TLS later and run secure and unsecure over the same port 
(currently POP and SMTP after a STARTTLS command, HTTP after an Upgrade 
header)
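
The difference between the proposed `secure` and `useTLS` attributes matters most when a server does not advertise the upgrade command. The following is an added example, not part of the report and not ColdFusion code: it maps the two attributes to a connection mode and refuses to fall back to plaintext. The names `plan_connection`, `offers_upgrade` and `TLSPolicyError`, the sample server responses, and the choice to treat both attributes set together as an error are assumptions made for illustration.

```python
import re

# Constructed capability responses (not captured from any real server).
SMTP_EHLO_TLS = "250-mail.example.test\r\n250-SIZE 1000000\r\n250-STARTTLS\r\n250 8BITMIME\r\n"
SMTP_EHLO_STRIPPED = "250-mail.example.test\r\n250-SIZE 1000000\r\n250 8BITMIME\r\n"
POP3_CAPA_TLS = "+OK Capability list follows\r\nTOP\r\nUIDL\r\nSTLS\r\n.\r\n"

# Upgrade command per protocol: SMTP STARTTLS (RFC 3207), POP3 STLS (RFC 2595).
UPGRADE_COMMAND = {"smtp": "STARTTLS", "pop3": "STLS"}


class TLSPolicyError(Exception):
    """Raised when the requested protection cannot be guaranteed."""


def offers_upgrade(protocol, response):
    """Return True if an EHLO (SMTP) or CAPA (POP3) response lists the upgrade."""
    command = UPGRADE_COMMAND[protocol]
    # The first line is the greeting or status line in both protocols.
    for line in response.splitlines()[1:]:
        if protocol == "smtp":
            match = re.fullmatch(r"250[- ](.*)", line)
            if match is None:
                continue
            line = match.group(1)
        words = line.split()
        # Compare the whole keyword so "NOSTARTTLS" or "X-STLS" never match.
        if words and words[0].upper() == command:
            return True
    return False


def plan_connection(protocol, secure=False, use_tls=False, capabilities=""):
    """Map the proposed secure/useTLS attributes to a connection mode."""
    if secure and use_tls:
        # Assumption: the report does not say how the two attributes combine.
        raise TLSPolicyError("secure and useTLS both set; pick one mode")
    if secure:
        return "implicit-tls"  # TLS handshake before any protocol data
    if use_tls:
        if not offers_upgrade(protocol, capabilities):
            # Fail closed: a missing advertisement must not mean plaintext.
            raise TLSPolicyError(f"{protocol}: server did not offer "
                                 f"{UPGRADE_COMMAND[protocol]}")
        return "upgrade:" + UPGRADE_COMMAND[protocol]
    return "plaintext"
```
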

Method:


Result:

----------------------------- Additional Watson Details -----------------------------

Watson Bug ID:	3035553

External Customer Info:
External Company:  
External Customer Name: Jochem van Dieten
External Customer Email: 14B70C2D446042B59920157F
External Test Config: 07/16/2008

Attachments:

Comments:

This bug has been voted..
Vote by External U.
24940 | November 10, 2011 10:37:04 AM GMT
This bug has been voted..
Vote by External U.
24941 | November 10, 2011 10:37:05 AM GMT
This bug has been voted..
Vote by External U.
24942 | November 10, 2011 10:37:06 AM GMT
This bug has been voted..
Vote by External U.
24943 | November 10, 2011 10:37:07 AM GMT
Heavily seconded ... that "bug" or lack of features! Fortunately, I found a Java hack to provide SSL to poll GMail with cfpop ...
Vote by External U.
24944 | November 10, 2011 10:37:07 AM GMT