19

The site that connects to the PayPal sandbox worked until recently.

It can connect with curl, but when it sends the request the second time, it shows the error:

error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure

I have tried some references online and set the SSL SHA-256 cert for it, but it returns the same error. Others suggest switching to TLS for the curl connection, but that may not be preferred as there are many projects I have handled.

Are there any suggestions for connecting to the PayPal sandbox with SSLv3? Thanks for helping.


user3538235
  • 1,991
  • 6
  • 27
  • 55

3 Answers

15

You'll have to switch the cURL request to use TLS 1.2 in order to use the PayPal sandbox. I'm in the same boat, and there's no way around it, unfortunately. They just activated the change on the sandbox environment a few days ago.

https://devblog.paypal.com/upcoming-security-changes-notice/

0kay
  • 433
  • 4
  • 7
  • As there are many projects I have created using the PayPal sandbox, I wonder whether it will work after enabling TLS v1.2, or whether I have to modify the library code? Can I set the connection to TLS v1.2 by default on the server and use it globally in every project? Thanks a lot – user3538235 Jan 23 '16 at 15:50
  • 4
    Hey, you should be able to just override the default library configuration. In PHP you can do this: `curl_setopt($curl, CURLOPT_SSLVERSION, 6); // 6 is TLS 1.2`. Which platform are you using? – 0kay Jan 23 '16 at 16:25
  • PayPal library with Omnipay for PHP https://github.com/thephpleague/omnipay-paypal – user3538235 Jan 23 '16 at 16:52
  • 1
    Hmm, you might actually need to upgrade openssl; I don't see any place where the SSL version is being hardcoded in the omnipay library. `sudo apt-get install openssl` I would try this in a test environment first of course, just in case. Don't want to risk breaking anything else. – 0kay Jan 23 '16 at 17:57
  • Thanks, and I found out it does not need the "real" SSL cert; a server that supports TLSv1.2 will be fine – user3538235 Feb 01 '16 at 01:41
11

I'll add some extra info on this since the first answer doesn't really cover all of the important points.

PayPal has started rolling out some upgrades: the sandbox now requires TLS 1.2 for all requests, and production systems will also require this from June 2016 onwards.

To support this you will need to:

  • Ensure your server has OpenSSL 1.0.1 or above (which is when TLS 1.2 support was added).
    `openssl version` will show you your version number.

  • Once you meet that criterion, in your PHP code you can force the SSLVERSION to TLS 1.2 with the following command:

    curl_setopt($curl, CURLOPT_SSLVERSION, 6);
    

Or if you want a less hacky solution, it is possible to have the correct SSL version kick in automatically during the handshake, where the client and server compare available ciphers to find a common protocol. You appear to be using PHP + curl, so you'll need PHP 5.5.19+ and curl 7.29+ for this to take place.

Simon East
  • 55,742
  • 17
  • 139
  • 133
Matt O
  • 1,336
  • 2
  • 10
  • 19
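
The checks from this answer, as an added example that is not part of the original post: it compares PHP, curl and OpenSSL versions against the thresholds the answer quotes and builds a curl handle with `CURLOPT_SSLVERSION` set to 6. The function names and the sample version strings are constructed for illustration, and it assumes the PHP curl extension is loaded.

```php
<?php
// Added example (not from the original answers). Function names are hypothetical;
// the version thresholds are the ones quoted in the answer above.

// Pull "1.0.1" out of a curl ssl_version string such as "OpenSSL/1.0.1f".
// Returns null for other TLS backends (NSS, GnuTLS, ...), which version differently.
function opensslVersionFrom($sslVersion)
{
    return preg_match('~OpenSSL/(\d+\.\d+\.\d+)~', $sslVersion, $m) ? $m[1] : null;
}

// List the unmet prerequisites; an empty array means none were found.
function tls12Problems($php, $curl, $sslVersion)
{
    $problems = array();
    $openssl = opensslVersionFrom($sslVersion);
    if ($openssl === null) {
        $problems[] = "TLS backend is not OpenSSL ($sslVersion): verify its TLS 1.2 support separately";
    } elseif (version_compare($openssl, '1.0.1', '<')) {
        $problems[] = "OpenSSL $openssl is older than 1.0.1";
    }
    if (version_compare($curl, '7.29.0', '<')) {
        $problems[] = "curl $curl is older than 7.29";
    }
    if (version_compare($php, '5.5.19', '<')) {
        $problems[] = "PHP $php is older than 5.5.19";
    }
    return $problems;
}

// Build a handle that will not negotiate below TLS 1.2, with certificate checks on.
function newTls12Handle($url)
{
    $ch = curl_init($url);
    curl_setopt($ch, CURLOPT_SSLVERSION, 6);     // 6 = TLS 1.2, as in the answer
    curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true);
    curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
    return $ch;
}

// Constructed sample values for an old stack, then the machine running the script.
print_r(tls12Problems('5.4.45', '7.19.7', 'OpenSSL/0.9.8e'));
$v = curl_version();
print_r(tls12Problems(PHP_VERSION, $v['version'], $v['ssl_version']));
```

The code avoids type declarations and the `CURL_SSLVERSION_TLSv1_2` constant so that it still parses and runs on the older PHP versions it is meant to diagnose.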
0

I had a similar problem with error 14077410 and SSL3. I upgraded my PHP server from 5.4 to 7.0 and the error disappeared.

Tapa Save
  • 4,769
  • 5
  • 32
  • 54