Pete Freitag's Homepage

What versions of Java support TLSv1.3 / TLS 1.3?

Java 8 TLS 1.3 Support

If you are on Java 8 (or 1.8 if you prefer) then you need version 8u261 b12 or greater. This version was released on July 14, 2020....

ColdFusion / CFML has a builtin function that can convert a string or a binary object to a standard Base64 encoded string: toBase64 and you can decode back to a string using toBinary() and toString() or the binaryDecode() function....

The OpenJDK Crypto Roadmap states that TLSv1 and TLSv1.1 will be disabled in OpenJDK releases by default after April 20, 2021. I assume this change also applies to Oracle, and all the JVMs that are derived from OpenJDK....

Here's a bash script that uses osquery to log which files in a specific folder have been modified over a 15 minute period. My use case here wasn't file integrity monitoring, for that you would want to use file events....

Hashicorp Vault is an open source, enterprise grade security vault. It is designed to grant secure access to the secrets that it stores. It can also act as an encryption as a service API....

The builtin CFML function sessionInvalidate() works great for invalidating or clearing a ColdFusion session (CFID/CFTOKEN). But it doesn't invalidate the underlying J2EE / JEE session (the JSESSIONID)....

Jakob Ward recently posted an interesting question to the CFML slack channel:

Is there a point to setting maxlength for a timestamp value in cfqueryparam? Or can this be ignored safely?...

People often download and install the latest version of Java, rather than the latest LTS version of java. In most cases, especially if it is on a server you probably want to be using the LTS version of java....

Thanks to all who attended my talk today on Securing ColdFusion Applications. You can find the slides here....

It would be nice if Windows Server 2019 came with Microsoft Edge Browser, but it still comes with good old IE 11, and on a Windows Server, you have to jump through hoops to let IE download anything due to its default security settings....

Here is a handy trick I saw in some code recently. It turns out you can use a negative integer in the count argument of the left() and right() functions in CFML....

One of the recent changes to Lucee is that no longer allows you to enter an admin password from the web based lucee admin if one had not been set yet....