When connecting to an SSL enabled website using the CFHTTP tag in ColdFusion MX, be sure to lowercase the protocol https. Using the upppercase of the protocol HTTPS might cause the CFHTTP tag to hang until it times out, returning Connection Failure for the Status Code. I've seen some SSL websites work with CFHTTP when using a protocol as either uppercase or lowercase, such as HTTPS://login.yahoo.com, but I've seen others behave problematically.

Watching the connection with a network analyzer such as Ethereal shows some interesting behaviors.

Ethereal Traces:

  • 1) [view image] CFHTTP with upper HTTPS fails, the initial connection is converted to http as seen in the trace, and the connection is gracefully ended just after it begins.

  • 2) [view image] CFHTTP with lower https works, the connection does use https, the cipher agreement can be seen to occur, and the session's data is transferred.

  • 3) [view image] CFHTTP with upper HTTPS works, connection to HTTPS://login.yahoo.com works .

I noticed that whenever I enter an uppercase protocol into a browser (MSIE) address field, it automatically converts HTTPS:// to https:// for me. This caused a lot of confusion for me until I noticed that little behavior because I was copying the uppercase version of the url from the CFHTTP URL attribute and pasting into a browser as a comparative test, but the browser always worked.

This led me to check out the RFC's related to SSL/HTTPS and I found that of the RFC's I looked at, all references to https were in lowercase. I could not find any requirement for it be in lowercase though.

In conclusion, if CFHTTP to an SSL website is giving you fits, check to make sure you're using lowercase https:// in the URL, and also check to see if the site's certificate is in the ColdFusion JVM's keystore [previous blog].