New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

REST calls to Sandbox fail with SSL connect error on RHEL 6 without TLSv1.2 #474

Closed
omarkilani opened this Issue Jan 20, 2016 · 11 comments

Comments

Projects
None yet
8 participants
@omarkilani

omarkilani commented Jan 20, 2016

Hey PayPal,

I'm unable to connect to api.sandbox.paypal.com without setting:

CURLOPT_SSLVERSION => 6

(Instead of 1 as it currently is)

api.paypal.com works fine.

Is this a known issue?

@tobeorla

This comment has been minimized.

Show comment
Hide comment
@tobeorla

tobeorla Jan 20, 2016

Contributor

This is happening to me too.
Having: {"paypal/rest-api-sdk-php" : "v1.6.3",}

I forked this SDK yesterday and it was working fine. Now it doesn't :S
P.S: Applying @omarkilani change on PayPalHttpConfig.php works..

Contributor

tobeorla commented Jan 20, 2016

This is happening to me too.
Having: {"paypal/rest-api-sdk-php" : "v1.6.3",}

I forked this SDK yesterday and it was working fine. Now it doesn't :S
P.S: Applying @omarkilani change on PayPalHttpConfig.php works..

@pp-randy

This comment has been minimized.

Show comment
Hide comment
@pp-randy

pp-randy Jan 20, 2016

Member

https://www.paypal-knowledge.com/infocenter/index?page=content&id=FAQ1914&expand=true&locale=en_US

After January 19-20
The Sandbox endpoints will only allow TLS 1.2 and HTTP/1.1 connections

Member

pp-randy commented Jan 20, 2016

https://www.paypal-knowledge.com/infocenter/index?page=content&id=FAQ1914&expand=true&locale=en_US

After January 19-20
The Sandbox endpoints will only allow TLS 1.2 and HTTP/1.1 connections

@pp-randy pp-randy added question and removed sdk-enhancement labels Jan 20, 2016

@tobeorla

This comment has been minimized.

Show comment
Hide comment
@tobeorla

tobeorla Jan 20, 2016

Contributor

Thanks for the info @pp-randy , what should we do? I ran the test and says it's ok:

  1. SUCCESS: Your server supports TLS protocols required for secure connection to PayPal Servers.
  • Current Curl Version: 7.22.0
  • Current OpenSSL Version:OpenSSL/1.0.1
Contributor

tobeorla commented Jan 20, 2016

Thanks for the info @pp-randy , what should we do? I ran the test and says it's ok:

  1. SUCCESS: Your server supports TLS protocols required for secure connection to PayPal Servers.
  • Current Curl Version: 7.22.0
  • Current OpenSSL Version:OpenSSL/1.0.1

tobeorla added a commit to tobeorla/PayPal-PHP-SDK that referenced this issue Jan 20, 2016

@juwlee

This comment has been minimized.

Show comment
Hide comment
@juwlee

juwlee Jan 20, 2016

@tobeorla please see here. You might need to upgrade your openssl, curl, and re-link or recompile php so it could use openssl that supports TLS 1.2

juwlee commented Jan 20, 2016

@tobeorla please see here. You might need to upgrade your openssl, curl, and re-link or recompile php so it could use openssl that supports TLS 1.2

@tobeorla

This comment has been minimized.

Show comment
Hide comment
@tobeorla

tobeorla Jan 20, 2016

Contributor

I don't think so:
PayPal_Connection_OKbool(true)

Contributor

tobeorla commented Jan 20, 2016

I don't think so:
PayPal_Connection_OKbool(true)

@jaypatel512

This comment has been minimized.

Show comment
Hide comment
@jaypatel512

jaypatel512 Jan 20, 2016

Contributor

I will accept the PR from @tobeorla and make a release with minor version. Updating your SDK should solve your issue. However, if for any reason, you are not ready to make the change, and want to enable PayPal again, you can follow the step shown in sample/bootstrap.php.

Adding below lines to your bootstrap location, before making a call should allow you to override the default curl options in the SDK. Optionally, you can do the same if you are using sdk_config.ini.

PayPalHttpConfig::$defaultCurlOptions[CURLOPT_SSLVERSION] = CURL_SSLVERSION_TLSv1_2;

Above code should automatically update the curl version to TLSv1.2 which is now required for sandbox.

Contributor

jaypatel512 commented Jan 20, 2016

I will accept the PR from @tobeorla and make a release with minor version. Updating your SDK should solve your issue. However, if for any reason, you are not ready to make the change, and want to enable PayPal again, you can follow the step shown in sample/bootstrap.php.

Adding below lines to your bootstrap location, before making a call should allow you to override the default curl options in the SDK. Optionally, you can do the same if you are using sdk_config.ini.

PayPalHttpConfig::$defaultCurlOptions[CURLOPT_SSLVERSION] = CURL_SSLVERSION_TLSv1_2;

Above code should automatically update the curl version to TLSv1.2 which is now required for sandbox.

@jaypatel512

This comment has been minimized.

Show comment
Hide comment
@jaypatel512

jaypatel512 Jan 20, 2016

Contributor

Made a release v1.6.4 with proper fix.

Contributor

jaypatel512 commented Jan 20, 2016

Made a release v1.6.4 with proper fix.

@kenjohnson

This comment has been minimized.

Show comment
Hide comment
@kenjohnson

kenjohnson Jan 23, 2016

@jaypatel512,
I don't think this fix will work for everyone.
The fix will update curl okay, but that won't help
if the user is running openssl that is below NSS 3.15.
See my comments on the following issue.
PAY request returns SSL connect error paypal/adaptivepayments-sdk-php#64
Those people running openssl below NSS 3.15 are in real trouble now.

kenjohnson commented Jan 23, 2016

@jaypatel512,
I don't think this fix will work for everyone.
The fix will update curl okay, but that won't help
if the user is running openssl that is below NSS 3.15.
See my comments on the following issue.
PAY request returns SSL connect error paypal/adaptivepayments-sdk-php#64
Those people running openssl below NSS 3.15 are in real trouble now.

@kenjohnson

This comment has been minimized.

Show comment
Hide comment
@kenjohnson

kenjohnson Jan 24, 2016

@jaypatel512, @juwlee,@pp-randy
We upgraded our openssl to OpenSSL/1.0.1,
and that solved the problem, like @juwlee
suggested. Now we can make payment.
Thanks.

kenjohnson commented Jan 24, 2016

@jaypatel512, @juwlee,@pp-randy
We upgraded our openssl to OpenSSL/1.0.1,
and that solved the problem, like @juwlee
suggested. Now we can make payment.
Thanks.

@exodusanto exodusanto referenced this issue Aug 25, 2016

Merged

Fix ssl error #5

@MhmudHsham

This comment has been minimized.

Show comment
Hide comment
@MhmudHsham

MhmudHsham Jun 6, 2017

Hi,
i have a problem in paypal on server ... it works in localhost but doesn't work on the server
error message :
error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure'

MhmudHsham commented Jun 6, 2017

Hi,
i have a problem in paypal on server ... it works in localhost but doesn't work on the server
error message :
error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure'

@xiaoleih41

This comment has been minimized.

Show comment
Hide comment
@xiaoleih41

xiaoleih41 Jun 6, 2017

Contributor

@MhmudHsham I am locking this conversation, please open a new issue with your debug Id.

Contributor

xiaoleih41 commented Jun 6, 2017

@MhmudHsham I am locking this conversation, please open a new issue with your debug Id.

@paypal paypal locked and limited conversation to collaborators Jun 6, 2017

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.