CFHTTP

Your CFHTTP requests may fail with the error I/O Exception: Received fatal alert: handshake_failure. The reason could be that you are trying to connect to a web server that has very high SSL security levels enabled and is no longer compatible with older Java 8 versions.

If you are running ColdFusion on Java < 8.0.161 and you add -Djavax.net.debug=ssl,handshake,verbose to C:\ColdFusion2016\[cfusion]\bin\jvm.config you will see the below info message in coldfusion-out.log:

We tried to access a remote webservice from a partner and they updated their certificate a few days ago. This request fails with a very unhelpful error message in ColdFusion.

Symptom:

  • ColdFusion CFHTTP is broken if you access an SSL site, but it worked in the past.
  • ColdFusion CFDUMP says Connection Failure with I/O Exception: peer not authenticated

Analysis:

The very first idea was - there must be something wrong with the top level certification authority, like a missing root certificate in the cacerts store that has not been integrated with Java in the past. The root level certificate has been imported manually, but the error was still there. As you may have experienced yourself, ColdFusion is always very unhelpful when it comes to SSL errors. If you need more detailed information you need to go to the Java level. Here is an example code snippet you can run:
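The following Java-level probe is an added example, not the snippet from the original post: it performs the TLS handshake directly and prints what the JVM offered, what was negotiated, and the certificate chain the server presented. The class name TlsProbe and the default host partner.example.com are assumptions; pass the real host as the first argument.

```java
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;

// Added diagnostic example (not from the original post).
// Run it with the same JVM that ColdFusion uses so the same cacerts,
// protocols and cipher suites apply.
public class TlsProbe {
    public static void main(String[] args) throws Exception {
        // Hypothetical default host; pass the real partner host as args[0].
        String host = args.length > 0 ? args[0] : "partner.example.com";
        int port = args.length > 1 ? Integer.parseInt(args[1]) : 443;

        System.out.println("java.version = " + System.getProperty("java.version"));
        SSLSocketFactory factory = (SSLSocketFactory) SSLSocketFactory.getDefault();

        try (SSLSocket socket = (SSLSocket) factory.createSocket(host, port)) {
            // What this JVM is willing to offer to the server.
            System.out.println("Enabled protocols: " + String.join(", ", socket.getEnabledProtocols()));
            System.out.println("Enabled cipher suites: " + socket.getEnabledCipherSuites().length);

            socket.startHandshake(); // throws SSLHandshakeException on failure

            SSLSession session = socket.getSession();
            System.out.println("Negotiated protocol: " + session.getProtocol());
            System.out.println("Negotiated cipher:   " + session.getCipherSuite());

            // Certificate chain as presented by the server, leaf first.
            for (Certificate cert : session.getPeerCertificates()) {
                if (cert instanceof X509Certificate) {
                    X509Certificate x509 = (X509Certificate) cert;
                    System.out.println("Subject: " + x509.getSubjectX500Principal());
                    System.out.println("  Issuer:  " + x509.getIssuerX500Principal());
                    System.out.println("  Expires: " + x509.getNotAfter());
                    System.out.println("  Sig alg: " + x509.getSigAlgName());
                }
            }
        } catch (SSLException e) {
            // handshake_failure usually means no shared protocol or cipher;
            // a PKIX path error means the chain is not trusted by cacerts.
            System.out.println("TLS failure: " + e);
            for (Throwable c = e.getCause(); c != null; c = c.getCause()) {
                System.out.println("  caused by: " + c);
            }
        }
    }
}
```

Compile and run it with the java binary from ColdFusion's own JRE; adding -Djavax.net.debug=ssl,handshake on the command line prints the full handshake trace alongside this summary.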