Enabling SSL results in some CFHTTP requests to fail.

Description

We ran into a really confusing issue with some CFHTTP requests failing, with Unknown host: Received fatal alert: handshake_failure

As far as I can tell, this happens when SSL is enabled for CommandBox. When we disable SSL, the requests are made successfully.

Here's a repro case: https://github.com/mjclemente/commandbox-ssl-cfhttp-repro

The TLDR; is that when SSL is enabled, the requests fail, but when it's disabled, they succeed.

Note, enabling SSL does not cause all CFHTTP requests to fail - just a subset. For what it's worth, one of the commonalities seems to be that the sites that fail have certificates provided by Cloudflare.

Finally, this is a regression. The same code runs without issue on Commandbox 4.8

Attachments

1

Activity

Show:

Brad WoodMay 31, 2020 at 12:21 AM

Matthew ClementeMay 31, 2020 at 12:18 AM

Just gave it a try and it seems the logic isn't quite working correctly.

Now, not only is it broken for the older Adobe versions, but when I try to set the flag manually for Lucee (which resolved the issue as a workaround), it remains broken and I get the error logged in the console: "It's not possible to set enableECC -> true when using Lucee Server". So the workaround doesn't work anymore either.

Seems like the logic needs to be reworked a bit.

Brad WoodMay 30, 2020 at 11:17 PM
Edited

Can you please review if this 4.1.2-snapshot works better:

https://s3.amazonaws.com/downloads.ortussolutions.com/cfmlprojects/runwar/4.1.2-SNAPSHOT/runwar-4.1.2-SNAPSHOT.jar

I want to release the 5.1.1 patch with the Mac OS bug and if this works, I’d like to include it as well.

Miguel MathusMay 29, 2020 at 10:11 PM

it’s merged and builded into a SNAPSHOT artifact with version 4.1.2

Brad WoodMay 29, 2020 at 7:16 PM

Status on this?

Fixed
Pinned fields
Click on the next to a field label to start pinning.

Details

Assignee

Reporter

Labels

Affects versions

Fix versions

Priority

Components

Sentry

Created May 15, 2020 at 9:55 PM
Updated June 1, 2020 at 5:55 PM
Resolved June 1, 2020 at 5:55 PM