cfhttp doesn't support TLSv1.3

for 5.3 as well

Ok I did some testing on Lucee 6.0.0.88-SNAPSHOT with getInstance(“TLS”) in use.

I set the java system property:

-Djdk.tls.client.protocols=TLSv1,TLSv1.3,TLSv1.2

And then tried connecting to sites running on TLSv1, TLSv1.1, TLSv1.2, and TLSv1.3. It only allowed connecting to TLSv1, TLSv1.3 and TLSv1.2, the connection to the TLSv1.1 failed (yay!).

I also tested this on Lucee 6.0.0.14-SNAPSHOT where I am guessing it had getInstance(“TLSv1.2”) in that case it was ignoring the jdk.tls.client.protocols system property, the only way to get that version to behave was to edit the JVM java security.properties, and use jdk.tls.disabledAlgorithms

It is much easier to use the system properties than to edit the jvm security properties.

Ok, I’m not sure if jdk.tls.client.protocols and jdk.tls.disabledAlgorithms still work with that, if so then I think that is ok.

This site: https://badssl.com/ has a bunch of servers setup to test various aspects of HTTPS. They don’t have one for TLSv3 yet, but they do have:

https://tls-v1-2.badssl.com:1012/

https://tls-v1-1.badssl.com:1011/

https://tls-v1-0.badssl.com:1010/

I went off the table here https://bugs.openjdk.java.net/browse/JDK-8202625