• Global community
    • Language:
      • Deutsch
      • English
      • Español
      • Français
      • Português
  • 日本語コミュニティ
    Dedicated community for Japanese speakers
  • 한국 커뮤니티
    Dedicated community for Korean speakers
Exit
0

Cf 16 to 21 cfhttp failures

New Here ,
May 23, 2022 May 23, 2022

Copy link to clipboard

Copied

Has anyone had to deal with upgrading to Cf 21 in Azure and seeing intermittent "Connection Failures" when making api calls using cfhtttp? We ended up rolling back to the CF 16 servers. We've looked into TLS settings, certificates problems but nothing. Thanks for any suggestions. 

Views

154

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Community Expert ,
May 23, 2022 May 23, 2022

Copy link to clipboard

Copied

So many more questions/observations than answers (I do offer one specific possible solution):

  • Are you saying things worked with CF2016 on Azure before upgrading to 2021?
  • If 2016 was off Azure, the problem may happen on 2016 on Azure, or on 2021 if run on the same server as 2016. Have you tried either?
  • The default jvm used by cf will have changed between 2016 and 2021 (from Java 8 to 11). What jvm is your cf2016 and 2021 using? Don't guess: what does the cf admin show, on the settings summary page?
  • If your jvm for 2021 is older than 11.0.15, try updating to that (and point cf at it). Restart cf and confirm the cf admin shows it now running that version. Then run your tests again. This alone may solve your problem.
  • What update is your cf2021 running? And your 2016? 
  • If problems remains after updating the jvm especially, and cf if needed, is it all cfhttp calls or only certain ones? Since it's intermittent, I'm asking if any other url DOES always run and never fail the same way. There's an http.log in cf that tracks all such calls. 
  • Are the cfhttp calls to your own server or another? If to your own, are they to cf itself? 
  • Is it only https calls? Or also http calls, if you do any? 
  • If all else fails, you could enable the jvm tls/ssl debug logging, which would track dozens of lines per cfhttp call in cf. Those details may help you. Google the phrase to find the jvm arg options for that, which you'd put in the cf jvm.args. All top much to detail here, especially when you may not need it. 

/Charlie (troubleshooter, carehart.org)

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
New Here ,
May 26, 2022 May 26, 2022

Copy link to clipboard

Copied

Thanks for the response Charlie, lot's to think about and test.

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Community Expert ,
May 26, 2022 May 26, 2022

Copy link to clipboard

Copied

Ok, but most were simply questions, whose answers might guide us to different suggestions for you. 


/Charlie (troubleshooter, carehart.org)

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Community Expert ,
May 26, 2022 May 26, 2022

Copy link to clipboard

Copied

Hi @therealfreemont , what if it's the other way round? What if the API website has security settings that are outdated, whereas CF2021 comes equipped with up-to-date security settings? That would explain why the outdated ColdFusion version works.

 

There is one way to check this idea. Do an SSL scan of the API website using, for example, the tool https://www.ssllabs.com/ssltest/index.html . Enter the API's domain ( such as, say, adobe.com ), press Submit and wait a few minutes.

 

What grade does the site score? What TLS and SSL protocols does the site support?  

 

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
New Here ,
May 26, 2022 May 26, 2022

Copy link to clipboard

Copied

We started down this path, the issue being intermittent has been frustrating. I will try your suggestion. It's TLS 1.2. Thanks man.

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Community Expert ,
May 27, 2022 May 27, 2022

Copy link to clipboard

Copied

LATEST

 

What grade does the site score? What TLS and SSL protocols does the site support?  

 


By @BKBK

 

I should perhaps mention that that question relates to the result that you get after doing the ssllabs test.

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Resources
Documentation