New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Unknown SSL protocol error in connection to tlstest.paypal.com:443 after installing version "1.6.4" PHP SDK #484

Closed
kesongxie opened this Issue Jan 25, 2016 · 24 comments

Comments

Projects
None yet
@kesongxie

kesongxie commented Jan 25, 2016

I'm testing using sandbox at localhost
I was testing my TSL at index.php, using the information provided at https://github.com/paypal/TLS-update

<?php $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, "https://tlstest.paypal.com/"); var_dump(curl_exec($ch)); var_dump(curl_error($ch)); ?>

I got bool(false) string(67) "Unknown SSL protocol error in connection to tlstest.paypal.com:443 "

when I run

$ curl --version

I got
curl 7.30.0 (x86_64-apple-darwin13.0) libcurl/7.30.0 SecureTransport zlib/1.2.5 Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps pop3 pop3s rtsp smtp smtps telnet tftp Features: AsynchDNS GSS-Negotiate IPv6 Largefile NTLM NTLM_WB SSL libz

when I did var_dump(curl_version());

i have
array(9) { ["version_number"]=> int(469248) ["age"]=> int(3) ["features"]=> int(558621) ["ssl_version_number"]=> int(0) ["version"]=> string(6) "7.41.0" ["host"]=> string(25) "x86_64-apple-darwin10.8.0" ["ssl_version"]=> string(14) "OpenSSL/0.9.8z" ["libz_version"]=> string(5) "1.2.8" ["protocols"]=> array(20) { [0]=> string(4) "dict" [1]=> string(4) "file" [2]=> string(3) "ftp" [3]=> string(4) "ftps" [4]=> string(6) "gopher" [5]=> string(4) "http" [6]=> string(5) "https" [7]=> string(4) "imap" [8]=> string(5) "imaps" [9]=> string(4) "ldap" [10]=> string(5) "ldaps" [11]=> string(4) "pop3" [12]=> string(5) "pop3s" [13]=> string(4) "rtsp" [14]=> string(3) "smb" [15]=> string(4) "smbs" [16]=> string(4) "smtp" [17]=> string(5) "smtps" [18]=> string(6) "telnet" [19]=> string(4) "tftp" } }

Any insight will be appreciated

@Caffe1neAdd1ct

This comment has been minimized.

Show comment
Hide comment
@Caffe1neAdd1ct

Caffe1neAdd1ct Jan 25, 2016

When running from CLI make sure to include the following CURL OPT:

curl_setopt($ch, CURLOPT_SSLVERSION, 6);

it was included in the 1.6.4 SDK so will be required when testing from CLI:

php -r '$ch = curl_init(); curl_setopt($ch, CURLOPT_URL, "https://tlstest.paypal.com/"); curl_setopt($ch, CURLOPT_SSLVERSION, 6); var_dump(curl_exec($ch)); var_dump(curl_error($ch));'

Caffe1neAdd1ct commented Jan 25, 2016

When running from CLI make sure to include the following CURL OPT:

curl_setopt($ch, CURLOPT_SSLVERSION, 6);

it was included in the 1.6.4 SDK so will be required when testing from CLI:

php -r '$ch = curl_init(); curl_setopt($ch, CURLOPT_URL, "https://tlstest.paypal.com/"); curl_setopt($ch, CURLOPT_SSLVERSION, 6); var_dump(curl_exec($ch)); var_dump(curl_error($ch));'
@Caffe1neAdd1ct

This comment has been minimized.

Show comment
Hide comment
@Caffe1neAdd1ct

Caffe1neAdd1ct Jan 25, 2016

Also this issue may be of use:

#479

I've listed out some of the minimum requirements from testing on our servers.

Caffe1neAdd1ct commented Jan 25, 2016

Also this issue may be of use:

#479

I've listed out some of the minimum requirements from testing on our servers.

@kesongxie

This comment has been minimized.

Show comment
Hide comment
@kesongxie

kesongxie Jan 25, 2016

@Caffe1neAdd1ct , when I added curl_setopt($ch, CURLOPT_SSLVERSION, 6); the error message now becomes bool(false) string(32) "Unsupported SSL protocol version", any suggestion?

kesongxie commented Jan 25, 2016

@Caffe1neAdd1ct , when I added curl_setopt($ch, CURLOPT_SSLVERSION, 6); the error message now becomes bool(false) string(32) "Unsupported SSL protocol version", any suggestion?

@Caffe1neAdd1ct

This comment has been minimized.

Show comment
Hide comment
@Caffe1neAdd1ct

Caffe1neAdd1ct Jan 25, 2016

What versions of PHP and OpenSSL have you got installed?

On Mon, Jan 25, 2016 at 1:13 PM, kesongxie notifications@github.com wrote:

@Caffe1neAdd1ct https://github.com/Caffe1neAdd1ct , when I added curl_setopt($ch,
CURLOPT_SSLVERSION, 6); the error now becomes Unsupported SSL protocol
version, any suggestion?


Reply to this email directly or view it on GitHub
#484 (comment)
.

Caffe1neAdd1ct commented Jan 25, 2016

What versions of PHP and OpenSSL have you got installed?

On Mon, Jan 25, 2016 at 1:13 PM, kesongxie notifications@github.com wrote:

@Caffe1neAdd1ct https://github.com/Caffe1neAdd1ct , when I added curl_setopt($ch,
CURLOPT_SSLVERSION, 6); the error now becomes Unsupported SSL protocol
version, any suggestion?


Reply to this email directly or view it on GitHub
#484 (comment)
.

@kesongxie

This comment has been minimized.

Show comment
Hide comment
@kesongxie

kesongxie Jan 25, 2016

@Caffe1neAdd1ct
I'm currently using php 5.6.7, when using var_dump(curl_version()); i got this ["ssl_version"]=> string(14) "OpenSSL/0.9.8z", it's what you are referring to?

kesongxie commented Jan 25, 2016

@Caffe1neAdd1ct
I'm currently using php 5.6.7, when using var_dump(curl_version()); i got this ["ssl_version"]=> string(14) "OpenSSL/0.9.8z", it's what you are referring to?

@Caffe1neAdd1ct

This comment has been minimized.

Show comment
Hide comment
@Caffe1neAdd1ct

Caffe1neAdd1ct Jan 25, 2016

Openssl must be at 1.0.1 or higher for TLS 1.2.

Looks like you'll need to update it to a newer version.
On 25 Jan 2016 14:31, "kesongxie" notifications@github.com wrote:

I'm currently using php 5.6.7, when using var_dump(curl_version()); i got
this ["ssl_version"]=> string(14) "OpenSSL/0.9.8z", it's what you are
referring to?


Reply to this email directly or view it on GitHub
#484 (comment)
.

Caffe1neAdd1ct commented Jan 25, 2016

Openssl must be at 1.0.1 or higher for TLS 1.2.

Looks like you'll need to update it to a newer version.
On 25 Jan 2016 14:31, "kesongxie" notifications@github.com wrote:

I'm currently using php 5.6.7, when using var_dump(curl_version()); i got
this ["ssl_version"]=> string(14) "OpenSSL/0.9.8z", it's what you are
referring to?


Reply to this email directly or view it on GitHub
#484 (comment)
.

@kesongxie

This comment has been minimized.

Show comment
Hide comment
@kesongxie

kesongxie Jan 25, 2016

@Caffe1neAdd1ct I realized I have to update it, since I was debugging on my MAMP environment, and at the terminal when I use openssl version, it gives me OpenSSL 1.0.2d 9 Jul 2015, but at the phpinfo() the openssl stays 0.9.8, haven't been able to upgrade my openssl in my MAMP even though I have installed a new version of MAMP PRO.

kesongxie commented Jan 25, 2016

@Caffe1neAdd1ct I realized I have to update it, since I was debugging on my MAMP environment, and at the terminal when I use openssl version, it gives me OpenSSL 1.0.2d 9 Jul 2015, but at the phpinfo() the openssl stays 0.9.8, haven't been able to upgrade my openssl in my MAMP even though I have installed a new version of MAMP PRO.

@jaypatel512

This comment has been minimized.

Show comment
Hide comment
@jaypatel512

jaypatel512 Jan 25, 2016

Contributor

Please keep in mind that openssl installed in your machine by itself, which generally is shown by openssl version is not the same as the one used by PHP. PHP uses its own installation of openssl, and its version can only be obtained by doing var_dump(curl_version());.

There are few tutorials out there that could help you link the newer version of openssl to your php installation. http://stackoverflow.com/questions/7508857/how-do-i-get-the-new-version-of-openssl-to-display-in-my-phpinfo

If nothing, downloading the latest php version would help resolve this issue.

Contributor

jaypatel512 commented Jan 25, 2016

Please keep in mind that openssl installed in your machine by itself, which generally is shown by openssl version is not the same as the one used by PHP. PHP uses its own installation of openssl, and its version can only be obtained by doing var_dump(curl_version());.

There are few tutorials out there that could help you link the newer version of openssl to your php installation. http://stackoverflow.com/questions/7508857/how-do-i-get-the-new-version-of-openssl-to-display-in-my-phpinfo

If nothing, downloading the latest php version would help resolve this issue.

@kesongxie

This comment has been minimized.

Show comment
Hide comment
@kesongxie

kesongxie Jan 25, 2016

@jaypatel512 when I'm running php 7 at my MAMP Pro, it still says OpenSSL 0.9.8, I think it's the MAMP itself run with openssl 0.9.8. Can I manually change it to version>=1.0? I have done a research on stack overflow, but haven't found something that is able to point me to a right direction

kesongxie commented Jan 25, 2016

@jaypatel512 when I'm running php 7 at my MAMP Pro, it still says OpenSSL 0.9.8, I think it's the MAMP itself run with openssl 0.9.8. Can I manually change it to version>=1.0? I have done a research on stack overflow, but haven't found something that is able to point me to a right direction

@marcfowler

This comment has been minimized.

Show comment
Hide comment
@marcfowler

marcfowler Jan 27, 2016

I'm having the same problem @kesongxie and it really is a MAMP issue and nothing to do with PayPal. I've not found any methods of updating the version of OpenSSL that MAMP uses. If you come across anything I'd love to hear it as this is slowing me right down! I've emailed their support and am waiting to hear back.

marcfowler commented Jan 27, 2016

I'm having the same problem @kesongxie and it really is a MAMP issue and nothing to do with PayPal. I've not found any methods of updating the version of OpenSSL that MAMP uses. If you come across anything I'd love to hear it as this is slowing me right down! I've emailed their support and am waiting to hear back.

@jaypatel512

This comment has been minimized.

Show comment
Hide comment
@jaypatel512

jaypatel512 Jan 28, 2016

Contributor

Hey All !

I have found a relatively helpful link to update your MAMP installation. This is not an official answer, just a pointer to help few developers who are having a hard time updating it. http://jaspan.com/openssl-support-php-under-mamp

Getting a more concrete answer from MAMP would be a wonderful help here.

Contributor

jaypatel512 commented Jan 28, 2016

Hey All !

I have found a relatively helpful link to update your MAMP installation. This is not an official answer, just a pointer to help few developers who are having a hard time updating it. http://jaspan.com/openssl-support-php-under-mamp

Getting a more concrete answer from MAMP would be a wonderful help here.

@marcfowler

This comment has been minimized.

Show comment
Hide comment
@marcfowler

marcfowler Jan 28, 2016

They replied to me and said that:

At this point you cannot update your openssl for MAMP PRO. As much as I understand now, you need to replace openSSL system libraries as well as updating the openssl version. I can't give any advice for updating openssl beyond that. MAMP 4.x will include a bundled version of the latest openssl. MAMP 4.x will be available in 6-8 weeks.

So it looks like going your way and compiling the newer extension is the way to go. Thanks for the link! I'll give that a try later on!

marcfowler commented Jan 28, 2016

They replied to me and said that:

At this point you cannot update your openssl for MAMP PRO. As much as I understand now, you need to replace openSSL system libraries as well as updating the openssl version. I can't give any advice for updating openssl beyond that. MAMP 4.x will include a bundled version of the latest openssl. MAMP 4.x will be available in 6-8 weeks.

So it looks like going your way and compiling the newer extension is the way to go. Thanks for the link! I'll give that a try later on!

@vovafeldman

This comment has been minimized.

Show comment
Hide comment
@vovafeldman

vovafeldman Feb 10, 2016

@jaypatel512 @marcfowler I compiled the new extension based on the instructions of the recommended link, copied the created openssl.so to the suggested extensions module and referenced the file in the active php.ini template. Unfortunately, it remains the same.

vovafeldman commented Feb 10, 2016

@jaypatel512 @marcfowler I compiled the new extension based on the instructions of the recommended link, copied the created openssl.so to the suggested extensions module and referenced the file in the active php.ini template. Unfortunately, it remains the same.

@vovafeldman

This comment has been minimized.

Show comment
Hide comment
@vovafeldman

vovafeldman Feb 10, 2016

@jaypatel512 your trello board/card link is empty.

vovafeldman commented Feb 10, 2016

@jaypatel512 your trello board/card link is empty.

@jaypatel512

This comment has been minimized.

Show comment
Hide comment
@jaypatel512

jaypatel512 Feb 10, 2016

Contributor

Hey @vovafeldman ! That is just for internal access, and you wont be able to see those !

Contributor

jaypatel512 commented Feb 10, 2016

Hey @vovafeldman ! That is just for internal access, and you wont be able to see those !

@vovafeldman

This comment has been minimized.

Show comment
Hide comment
@vovafeldman

vovafeldman Feb 10, 2016

@jaypatel512 Gotcha 👍 Then, what MAMP users can do? It looks like there's no way for me to test the API from my local environment. I spend the whole day yesterday googling for a solution and nothing helped.

vovafeldman commented Feb 10, 2016

@jaypatel512 Gotcha 👍 Then, what MAMP users can do? It looks like there's no way for me to test the API from my local environment. I spend the whole day yesterday googling for a solution and nothing helped.

@stefanoortisi

This comment has been minimized.

Show comment
Hide comment
@stefanoortisi

stefanoortisi Feb 11, 2016

I'm having the same issue with MAMP. Any ideas?

stefanoortisi commented Feb 11, 2016

I'm having the same issue with MAMP. Any ideas?

@marcfowler

This comment has been minimized.

Show comment
Hide comment
@marcfowler

marcfowler Feb 11, 2016

@stefanoortisi until MAMP update, there's nothing much we can do except not use MAMP for this particular thing. Pretty frustrating but they told me it's only 6-8 weeks away, so we can hope they stick to that!

marcfowler commented Feb 11, 2016

@stefanoortisi until MAMP update, there's nothing much we can do except not use MAMP for this particular thing. Pretty frustrating but they told me it's only 6-8 weeks away, so we can hope they stick to that!

@stefanoortisi

This comment has been minimized.

Show comment
Hide comment
@stefanoortisi

stefanoortisi Feb 11, 2016

That's really annoying. Ok, thanks anyway @marcfowler

stefanoortisi commented Feb 11, 2016

That's really annoying. Ok, thanks anyway @marcfowler

@patrin

This comment has been minimized.

Show comment
Hide comment
@DMeganoski

This comment has been minimized.

Show comment
Hide comment
@DMeganoski

DMeganoski Feb 28, 2016

Guys, have you considered switching to another stack provider until the update? Perhaps xampp, that's what I use.

DMeganoski commented Feb 28, 2016

Guys, have you considered switching to another stack provider until the update? Perhaps xampp, that's what I use.

@LeeZa

This comment has been minimized.

Show comment
Hide comment
@LeeZa

LeeZa May 6, 2016

how to update the curl ssl version? one server:

cURL support enabled
cURL Information 7.15.5
cURL SSL Version OpenSSL/0.9.8b

openssl

OpenSSL support enabled
OpenSSL Library Version OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008
OpenSSL Header Version OpenSSL 1.0.1e 11 Feb 2013

And the OpenSSL Library Version is different with Header Version. Could anyone help?

LeeZa commented May 6, 2016

how to update the curl ssl version? one server:

cURL support enabled
cURL Information 7.15.5
cURL SSL Version OpenSSL/0.9.8b

openssl

OpenSSL support enabled
OpenSSL Library Version OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008
OpenSSL Header Version OpenSSL 1.0.1e 11 Feb 2013

And the OpenSSL Library Version is different with Header Version. Could anyone help?

@jinxingvenus

This comment has been minimized.

Show comment
Hide comment
@jinxingvenus

jinxingvenus Jun 8, 2016

Our environment is apache2.x_php 5.4.30 + OpenSSL 1.0.1e-fips 11 Feb 2013
I use python 2.X command "python -c "import urllib2; print(urllib2.urlopen('https://tlstest.paypal.com/').read())""
to sure system openssl lib is ok .
system reply "PayPal_Connection_OK"

But ,i use php command to run,system reply "bool(false)"
Our site have runing with paypal now,
Any suggestion is welcome.

jinxingvenus commented Jun 8, 2016

Our environment is apache2.x_php 5.4.30 + OpenSSL 1.0.1e-fips 11 Feb 2013
I use python 2.X command "python -c "import urllib2; print(urllib2.urlopen('https://tlstest.paypal.com/').read())""
to sure system openssl lib is ok .
system reply "PayPal_Connection_OK"

But ,i use php command to run,system reply "bool(false)"
Our site have runing with paypal now,
Any suggestion is welcome.

@braebot

This comment has been minimized.

Show comment
Hide comment
@braebot

braebot Mar 21, 2017

Member

Closing due to inactivity. For any future TLS issues, please see the PayPal TLS-update repo.

Member

braebot commented Mar 21, 2017

Closing due to inactivity. For any future TLS issues, please see the PayPal TLS-update repo.

@braebot braebot closed this Mar 21, 2017

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment