REST calls to Sandbox fail with SSL connect error on RHEL 6 without TLSv1.2

Question

REST calls to Sandbox fail with SSL connect error on RHEL 6 without TLSv1.2

omarkilani opened this issue 8 years ago · 11 comments

omarkilani commented 8 years ago

Hey PayPal,

I'm unable to connect to api.sandbox.paypal.com without setting:

CURLOPT_SSLVERSION => 6

(Instead of 1 as it currently is)

api.paypal.com works fine.

Is this a known issue?

Answer 1 · 2016-01-20T13:26:16.000Z

This is happening to me too.
Having: {"paypal/rest-api-sdk-php" : "v1.6.3",}

I forked this SDK yesterday and it was working fine. Now it doesn't :S
P.S: Applying @omarkilani change on PayPalHttpConfig.php works..

Answer 2 · 2016-01-20T14:54:16.000Z

https://www.paypal-knowledge.com/infocenter/index?page=content&id=FAQ1914&expand=true&locale=en_US

After January 19-20
The Sandbox endpoints will only allow TLS 1.2 and HTTP/1.1 connections

Answer 3 · 2016-01-20T16:06:17.000Z

Thanks for the info @pp-randy , what should we do? I ran the test and says it's ok:

SUCCESS: Your server supports TLS protocols required for secure connection to PayPal Servers.

Current Curl Version: 7.22.0
Current OpenSSL Version:OpenSSL/1.0.1

Answer 4 · 2016-01-20T16:17:54.000Z

@tobeorla please see here. You might need to upgrade your openssl, curl, and re-link or recompile php so it could use openssl that supports TLS 1.2

Answer 5 · 2016-01-20T16:20:07.000Z

I don't think so:
PayPal_Connection_OKbool(true)

Answer 6 · 2016-01-20T17:44:13.000Z

I will accept the PR from @tobeorla and make a release with minor version. Updating your SDK should solve your issue. However, if for any reason, you are not ready to make the change, and want to enable PayPal again, you can follow the step shown in sample/bootstrap.php.

Adding below lines to your bootstrap location, before making a call should allow you to override the default curl options in the SDK. Optionally, you can do the same if you are using sdk_config.ini.

PayPalHttpConfig::$defaultCurlOptions[CURLOPT_SSLVERSION] = CURL_SSLVERSION_TLSv1_2;

Above code should automatically update the curl version to TLSv1.2 which is now required for sandbox.

Answer 7 · 2016-01-20T18:37:17.000Z

Made a release v1.6.4 with proper fix.

Answer 8 · 2016-01-23T00:16:35.000Z

@jaypatel512,
I don't think this fix will work for everyone.
The fix will update curl okay, but that won't help
if the user is running openssl that is below NSS 3.15.
See my comments on the following issue.
PAY request returns SSL connect error paypal/adaptivepayments-sdk-php#64
Those people running openssl below NSS 3.15 are in real trouble now.

Answer 9 · 2016-01-24T20:58:31.000Z

@jaypatel512, @juwlee,@pp-randy
We upgraded our openssl to OpenSSL/1.0.1,
and that solved the problem, like @juwlee
suggested. Now we can make payment.
Thanks.

Answer 10 · 2017-06-06T09:03:14.000Z

Hi,
i have a problem in paypal on server ... it works in localhost but doesn't work on the server
error message :
error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure'

Answer 11 · 2017-06-06T13:59:22.000Z

@MhmudHsham I am locking this conversation, please open a new issue with your debug Id.