Enable TLSv1.2 in Coldfusion
Try adding this switch to your Java args in the /runtime/bin/jvm.config file (the location of this file can vary with the type of your CF install).
-Djavax.net.debug=all Then check the out log (cfusion-out.log in runtime/logs on a standard install) for information on each handshake (outgoing) that it makes. You will likely see some clues there and be able to determine which protocol/level of TLS is reached by SSL connections from the server. This link on diagnosing TLS has some useful tidbits as well - though you will have to figure out how they translate to ColdFusion.
Note that the CPL for Java will be of no use to you here. The JVM is started with it's own config file that details what it can and cannot support. The CPL is going to set up standard INI files that are used by a java client (an application on desktop) but CF runs as a serve instance and won't use that information. I'm not even sure where it is stored :)
The solution was to replace Java 7 with Java 8. Java 8 has the required protocols enabled and set to default automatically.