2 Replies Latest reply on Apr 24, 2015 1:05 AM by haxtbh

    Can't connect to SNI enabled server using cfhttp

    nosredna

       

      I am using CF10 and have been working on an application that connects to a secure server using cfhttp. It was working fine, but then the host moved their application to a Windows Server 2012 box using IIS8 with SNI enabled, and now I cannot connect.

       

      After reviewing the Internet I found that CF has a bug, #3598342, registered in its Adobe bug database and that it has “apparently” been fixed with upgrade 14 for CF10. I actually applied upgrade 15, so I am now running build 10,0,15,292620 and Java version 1.7.0_15.

       

      However, after completing this upgrade and ensuring that the server’s SSL certificate is installed in the CF certificate store, I still cannot connect to the SNI enabled server using cfhttp. 


      I'm not sure where to go from here.  Am I missing something?  Any guidance would be appreciated.

       

       

       

        • 1. Re: Can't connect to SNI enabled server using cfhttp
          dpstucson Level 1

          Same issue exists with us except we are using jdk1.8.0_05. Scoured all sorts of sources online with NO LUCK with a remedy.

           

          Update 04/23/2015:

          Added -Djavax.net.debug=all into the jvm.config to see what was failing.

          End result was this:

          ajp-bio-8012-exec-1, handling exception: java.net.SocketException: Connection reset

          ajp-bio-8012-exec-1, SEND TLSv1.2 ALERT:  fatal, description = unexpected_message

          ajp-bio-8012-exec-1, WRITE: TLSv1.2 Alert, length = 2

          ajp-bio-8012-exec-1, Exception sending alert: java.net.SocketException: Connection reset by peer: socket write error

           

          Would REALLY REALLY appreciate some assistance with this issue. Anyone?!?

          • 2. Re: Can't connect to SNI enabled server using cfhttp
            haxtbh Level 4

            SNI is quite a new thing. If CF is still not working after the intended bug fix, I would raise another bug to tell them this, as long as you meet the requirements.

             

            What server are you running CF10 on?

             

            There are a lot of support issues with older things and SNI. For example, you cannot access any website using SNI from a Windows XP machine or Windows Server 2003 server.

             

            These operating systems still hold a larger than expected share in our traffic, so I personally won't be implementing SNI for a long time.