Yes, the latest TLS requirements the payment gateways must comply with require you to upgrade from CF9 to CF11 -- 9 does not support TLS 1.2 which is required. Depending on the SSL certificate (or more specifically, the authority that issued the certificate) you may need to import the certificate into the CF certificate store. There are several thread on certificate importing. Here is an Adobe KB article: Import certificates to Adobe ColdFusion's truststore
I have some projects that still use ColdFusion 8 & 9 (Windows) and am able to connect to everything using CFX_HTTP5. (Adiabata, Inc. - CFX_HTTP5)
In addition, CFX_HTTP5 can:
- Ignore bad certificates. (This happened to me within the last year when a beta API's SSL certificate temporarily expired.)
- Override and force connection using TLS1.2 instead of defaulting TLS1.1.
- Use client certificates using a filepath (versus having to import into Java path and restart ColdFusion.)
- Access multi-domain SAN certificates without throwing an error (No past, current or future issues.)
- Honor DNS Time-To-Live (TTL). (if you are using accessing a cloud service that changes IPs, cached DNS queries auto-expire and the IP is re-queried instead of having to restart ColdFusion to clear the "forever" DNS cache.)
I've since upgraded some web applications to ColdFusion 11. I built in the option to use either CFHTTP or CFX_HTTP5 and I still prefer the performance & feature set of CFX_HTTP5.
Thank you Jamo!
Thank you Steve!