Copy link to clipboard
Copied
I am using CF10 and have been working on an application that connects to a secure server using cfhttp. It was working fine but then the host moved their application to a Windows server 2012 box using IIS8 with SNI enabled and now I cannot connect.
After reviewing the Internet I found that CF has a bug; # 3598342 registered in its Adobe bug database and that it has “apparently” been fixed with upgrade 14 for CF10. I actually applied upgrade 15 so am now running build 10,0,15,292620 and java version 1.7.0_15.
However, after completing this upgrade and ensuring that the server’s SSL certificate is installed in the CF certificate store, I still cannot connect to the SNI enabled server using cfhttp.
I'm not sure where to go from here. Am I missing something? Any guidance would be appreciated.
Copy link to clipboard
Copied
Same issue exists with us except we are using jdk1.8.0_05. Scoured all sorts of sources online with NO LUCK with a remedy.
Update 04/23/2015:
Added -Djavax.net.debug=all into the jvm.config to see what was failing.
End result was this:
ajp-bio-8012-exec-1, handling exception: java.net.SocketException: Connection reset
ajp-bio-8012-exec-1, SEND TLSv1.2 ALERT: fatal, description = unexpected_message
ajp-bio-8012-exec-1, WRITE: TLSv1.2 Alert, length = 2
ajp-bio-8012-exec-1, Exception sending alert: java.net.SocketException: Connection reset by peer: socket write error
Would REALLY REALLY appreciate some assistance in this issue. Anyone?!?
Copy link to clipboard
Copied
SNI is quite a new thing. If CF is still not working after the intended bug fix I would raise another bug to tell them this as long as you meet the requirements.
What server are you running CF10 on?
There is a lot of support issues with older things and SNI. for example you cannot access any website using SNI from a Windows XP machine or Windows Server 2003 server.
These operating systems still hold a larger then expected share in our traffic so I personally wont be implementing SNI for a long time..