1

I'm using ColdFusion on a Windows server. I try to connect to an API, it works on http url, but not on https.

<cfhttp url="https://www.example.com/api/login" method="post" result="httpResp" timeout="120">
    <cfhttpparam type="header" name="Content-Type" value="application/x-www-form-urlencoded" />
    <cfhttpparam type="formField" name="user_key" value="#user_key#" />
     <cfhttpparam type="formField" name="email" value="#user_email#" />
     <cfhttpparam type="formField" name="password" value="#user_password#" />
</cfhttp>
<cfdump var="#httpResp#">

I'm getting this response:

struct
Charset [empty string]
ErrorDetail I/O Exception: peer not authenticated
Filecontent Connection Failure
Header  [empty string]
Mimetype    Unable to determine MIME type of file.
Responseheader  
struct [empty]
Statuscode  Connection Failure. Status code unavailable.
Text    YES

When opening the URL from the server, I'm getting this xml response:

<rsp stat="fail" version="1.0">
<err code="15">Login failed</err>
</rsp>

And in my code, I have another https post that works without issue:

<cfhttp url="https://www.example2.com" method="post" result="httpResp" timeout="120">
    <cfhttpparam type="header" name="Content-Type" value="application/json" />
    <cfhttpparam type="body" value="#Replace(myJsonStruct,"//","")#">
</cfhttp>

That means that the issue is not coming from SSL settings on the server.

Is there an error in my CF code?

Marc El Bichon
  • 397
  • 1
  • 7
  • 24
  • Are both of your `cfhttp` calls to the same domain (URL)? – Miguel-F Feb 11 '19 at 14:35
  • no, two different APIs – Marc El Bichon Feb 11 '19 at 14:45
  • I believe that this has been answered before... https://stackoverflow.com/a/45384015/693068 – James Moberg Feb 11 '19 at 15:02
  • I’ve seen numerous cfhttp/SSL issues over the years that persist even to this day. It might have something to do with the version of your JVM. Have you seen this https://stackoverflow.com/questions/20469194/coldfusion-https-connection-failure – Redtopia Feb 11 '19 at 15:04
  • Yes, but didn't helped :( – Marc El Bichon Feb 11 '19 at 15:38
  • 1
    (Edit) Could you be more specific? Full java version and what changes you tried? f the successful call is to a different domain, then it doesn't rule out an SSL issue. Especially because you're using an old version of CF which isn't certified for Java 1.8, and had a number of issues when many sites switched to TLS1.2, due to lack of support in Java 1.7 (see links above). – SOS Feb 11 '19 at 17:46
  • 1
    The error message is pretty clear here. The HTTP client cannot negotiate a common security protocol with the endpoint. Simple reason: most servers no longer accept SSLv3 and TLS prior to 1.2. Switch to JRE 1.8 (let `\cfusion\bin\jvm.config` point to the updated JRE) and replace the `\cfusion\lib\tools.jar` in your CF with the corresponding JDK version (1.8). – Alex Feb 11 '19 at 19:33
  • .. though IRC, CF9 is too old to support Java 1.8 – SOS Feb 11 '19 at 20:19
  • 1
    Time to upgrade ACF or port to Lucee... either choice may be a significant effort. – Redtopia Feb 11 '19 at 22:22
  • 1
    Aside, you can also download [commandbox](https://www.ortussolutions.com/products/commandbox) and try the same code with a newer version of CF that defaults to Java 1.8+ and confirm it resolves the problem - and get an idea of what's needed to upgrade. – SOS Feb 12 '19 at 02:42
  • You may just need to add the site's certificate to the keystore for your ColdFusion server. See my answer over here - https://stackoverflow.com/a/20475763/1636917 – Miguel-F Feb 12 '19 at 13:09
  • Is there a public URL for this API? Does it say whether it requires TLS1.2? – SOS Feb 12 '19 at 13:54

0 Answers0