cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results forĀ 
ShowĀ Ā onlyĀ  | Search instead forĀ 
Did you mean:Ā 
search
  • Global community
    • Language:
      • Deutsch
      • English
      • EspaƱol
      • FranƧais
      • PortuguĆŖs
  • ę—„ęœ¬čŖžć‚³ćƒŸćƒ„ćƒ‹ćƒ†ć‚£
    Dedicated community for Japanese speakers
  • ķ•œźµ­ ģ»¤ė®¤ė‹ˆķ‹°
    Dedicated community for Korean speakers
Exit
0
Upvote

CF2021- Intermittent connection failures to third party APIs?

modigm
Community Beginner ,
Jan 19, 2022 Jan 19, 2022

Copy link to clipboard

Copied

Howdy,

 

We are running CF2021 on Win2019 Server Datacenter. Over the past couple of weeks we have started seeing intermittent connection falures to some of our third party partners, like our payment processor, and other partners. CF is using TLS1.3 to make these connections, and if we immediately try to connect again when we get a connection failure, it almost always connects successfully. Sometimes it goes through fine without having to retry, so it is an intermittent failure.
One thing we have observed is that many, id not all of the failures appear to be trying to connect with a pre-shared key (PSK), while the successful retries do not (presumably CF drops the PSK when the connection failure occurs).
Is anyone else seeing something similar or has seen this?
One suggestion raised was to turn off TLS1.3 and fall back to 1.2. I assume we can do that using JVM command line args in the CFadmin and then restart?
Appreciate any help and suggestions.
As near as I can tell, we are current on CF updates.

Thank you for your time and attention.

TOPICS
Security

Views

116

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
replies 4 Replies 4
latest latest Jump to latest reply
Charlie Arehart Community Expert
Community Expert ,
Jan 19, 2022 Jan 19, 2022

Copy link to clipboard

Copied

A few thoughts :

  • Yes, some others have seen it. Not common, but happening. And there's not yet been a clear resolution shared widely.
  • Yes, it may be that adding the jvm args to limit calls out to use only tls 1.3 would help (and someone will share them of you don't find them), but do beware that would affect ALL calls out of cf, not just this app you're focused on. And you may say it's the only one that matters, but that's about cfhttp calls, right? You may also use tls in your mail server config, db/dsn config, and more. So just be careful about that.
  • You say cf is updated, but you don't confirm the update number. Please do. It's on the "settings summary" page in the cf admin.
  • More important, that page will show the jvm version  cf is using. What's that? (Don't do a "Java - version" command to find that. Cf may not use THAT jvm but another that it points to.) Both are on that settings summary page.
  • If you are not on a recent  update to the jvm cf supports (which for now in on Cf2021 and 2018 is Java 11), that could contribute to your problem. The latest Java 11 update is 14, which came out yesterday.
  • You may be on something much older like 11.0.1, which the original cf installer (from Nov 2020) implemented by mistake. The new cf installer from Sept implements 11.0.11 by default.) Or you may  you point to some other Java outside of cf, which is OK (as long as it's Java 11).
  • There are various resources that walk through updating cf to a newer Java. Let's hear first where things stand. 

/Charlie (troubleshooter, carehart.org)

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
modigm
Community Beginner ,
Jan 19, 2022 Jan 19, 2022

Copy link to clipboard

Copied

In Response To Charlie Arehart

CF version is 

2021,0,0,323925
I was told we had updated several weeks ago, because of log4j, but it looks like this might not be the latest. I do know we implemented the log4j workaround then.

Java version is 11.0.1, CF is pointing to the JRE that comes with the installer.

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
modigm
Community Beginner ,
Jan 19, 2022 Jan 19, 2022

Copy link to clipboard

Copied

In Response To modigm

The Package Manager page seems a little flaky. I click "Check for Updates" under Core server and it says there are no updates. Click it again and it says there are three. Click it again and it's back to no updates.

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
BKBK Community Expert
Community Expert ,
Jan 19, 2022 Jan 19, 2022

Copy link to clipboard

Copied

LATEST
In Response To modigm
 

CF version is 

2021,0,0,323925
I was told we had updated several weeks ago, because of log4j, but it looks like this might not be the latest. I do know we implemented the log4j workaround then.

Java version is 11.0.1, CF is pointing to the JRE that comes with the installer.

By @modigm

 

Your environment is lagging behind in terms of updates. I would suggest you

 

Who knows, perhaps when you're done, your original problem will go away.

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Resources
Documentation
ColdFusion User Guide
Copyright Ā© 2024 Adobe. All rights reserved.
Using the Community Experience League Terms of Use Privacy Cookie preferences Do not sell or share my personal information ad choicesAdChoices