I have same problem, I can't seem to find fix or work around
Seems related to something in this post:
ColdFusion loads "com.rsa.jsafe.provider.JsafeJCE" as the default security provider at startup. Perhaps there is something wrong with this provider like the “BC” provider mentioned in the link. Working with that info, I was able to dump my providers into an array where the first array position represents the default provider and shows JsafeJCE as the default:
<cfset providerMethods = CreateObject('java','java.security.Security')>
You can dump the providers:
I then made a copy of the provider like:
<cfset jSafeProvider = providerMethods.getProvider('JsafeJCE')>
I then removed it from the provider array:
I then made my sFTP call and this time it was successful.
I then put the provider back into the array in position 1 – the default:
I can’t say I know exactly what’s wrong and I certainly don’t want to remove the JsafeJCE provider from the default position for forever. I’ll let Adobe come up with a true fix, but for now, this provides me with a work-around so I can use sFTP. I’m sure JsafeJCE is used/required for some other encryption, so you’ll have to watch for other issues while it’s not part of the provider array. The quicker you can get it out/in, probably the better. My sFTP only runs a few times, so I feel OK with the possible side effects. Maybe someone can take it from here and find a better solution and not a simple work-around.