CFHTTP

ColdFusion / Java: I/O Exception: Received fatal alert: handshake_failure

Your CFHTTP requests may fail with an error I/O Exception: Received fatal alert: handshake_failure. the reason could be a try to connect to a web server that has very high SSL security levels enabled and is no longer compatible with older Java 8 versions.

If you are running ColdFusion on Java < 8.0.161 and you add -Djavax.net.debug=ssl,handshake,verbose to C:\ColdFusion2016\[cfusion]\bin\jvm.config you will see the below info message in coldfusion-out.log:

Read more about ColdFusion / Java: I/O Exception: Received fatal alert: handshake_failure

ColdFusion / Java: PKIX path validation failed with keyCertSign bit is not set

We tried to access a remote webservice from a partner and they updated their certificate a few days ago. This request fails with an very unhelpful error message in ColdFusion.

Symptom:

ColdFusion CFHTTP is broken if you access a SSL site, but it worked in past.
ColdFusion CFDUMP says Connection Failure with I/O Exception: peer not authenticated

Analysis:

The very first idea was - there must be something wrong with the top level certification authority like a missing root certificate in the cacerts store that has not been integrated with Java in past. The root level certificate has been imported manually, but the error was still there. As you may expierenced yourself, ColdFusion is always very unhelpful if it comes to SSL errors. If you need more detailed information you need to go on the Java level. Here is an example code snippet you can run:

Read more about ColdFusion / Java: PKIX path validation failed with keyCertSign bit is not set

Secondary menu

hass
alexander

CFHTTP

You are here

CFHTTP