CFHTTP and SSL

[tleish]

I want to be able to send a file from one server to another server via SSL. Previously I read a bunch of documentation that said that you had to run ColdFusion as a Descktop app if you're running on NT.

See:

http://www.allaire.com/Handlers/index.cfm?ID=1608

But in the article that explains how to do this on Allaire site, it has this right in the middle of the article:

NOTE: The WININET problem described in the article is applicable to NT 4.0 service pack 3 or lower. CFHTTP and SSL can be used with ColdFusion running as a service with NT 4.0 service pack 4.0.

So, according to this note, my setup will work fine.

So I did a test run, and it seemed to work fine. I set up a page on an ssl server and had it output the CGI variable stack. Then I set up a CFHTTP script on a different server, and when I ran it using https, here's some of the CGI variables:

CERT_KEYSIZE: 128
CERT_SECRETKEYSIZE: 1024
HTTPS: on
HTTPS_KEYSIZE: 128
HTTPS_SECRETKEYSIZE: 1024
SERVER_PORT: 443
SERVER_PORT_SECURE: 1

All the CGI variables says it was a secure connection.

So my question is, does this mean that it works? I was under the impression that if it didn't work correctly, CFHTTP would throw an error. Does anyone have anymore insight on this? I need to be absolutely posotive that this is Secure before I continue.
- tleish

 

[GunJack]

Hey Tleish,

If it were me, I'd setup a sniffer or linux box running tcpdump and just see if anything goes across in the clear. Another option that I think would be easier if you're running NT/IIS would be to setup a virtual directory and check the "require ssl" option. If you're able to connect and retrieve the page, I'd say that's almost a guarantee it's working.

GJ