1

Recently, a service I am hosting on GoDaddy (Economy Windows Hosting) has started being refused cURL connections to the PayPal API endpoint: https://api.sandbox.paypal.com/v1/oauth2/token

With error:

error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure

Reading: Paypal can not connect to Sandbox server. Return error 14077410 (sslv3 alert handshake failure)

I understand that this is related to TLS1.2 being required. This is included in OpenSSL 1.01, but my server is currently running 0.9.8y and, as it's a shared hosting, I have no control over it.

So - does anybody know any way around this?

My code:

url_setopt($ch, CURLOPT_URL, "https://api.sandbox.paypal.com/v1/oauth2/token");
            curl_setopt($ch, CURLOPT_HEADER, false);
            curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
            curl_setopt($ch, CURLOPT_POST, true);
            curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
            curl_setopt($ch, CURLOPT_USERPWD, $clientId . ":" . $secret);
            curl_setopt($ch, CURLOPT_POSTFIELDS, "grant_type=client_credentials");
            curl_setopt($ch, CURLOPT_SSLVERSION,6);

            $result = curl_exec($ch);

            if (empty($result)) die("Error: No response.<br /> <b>Err:</b> " . curl_error($ch).' <b><br />ErrNo:</b> '.curl_errno($ch)."<br/>".phpinfo());
            else {
                $json = json_decode($result);
                //print_r($json->access_token);
            }
Community
  • 1
  • 1
MrD
  • 4,986
  • 11
  • 48
  • 90
  • 3
    The only way to resolve the issue is to update your server software stack. If GoDaddy won't do that for you on your existing server then you will need to migrate to a new server. – Drew Angell Mar 15 '16 at 21:11
  • move away from godaddy – jmj Apr 21 '16 at 05:39

1 Answers1

2

There was some security updates. You need to use TLS 1.2 for the sandbox (updates will need to be applied at a later date for Paypal in Live mode too).

https://www.paypal-knowledge.com/infocenter/index?page=content&widgetview=true&id=FAQ1766&viewlocale=en_US

Here's the roadmap and the different dates :

Jan 14, 2016 After this date, Sandbox API endpoints only support new standard (HTTP/1.1, TLS 1.2 and SHA-256 certificates). This includes www.sandbox.paypal.com only accepting HTTPS for IPN Postbacks.

Jan 31, 2016 Production starts issuing API Credential Certificates with new standard (2048-bit, SHA-256).

Feb 29, 2016 Test Sandbox endpoints will be removed.

Mar 17, 2016 New SFTP IP addresses add to DNS for reports.paypal.com.

Apr 14, 2016 Old SFTP IP addresses removed from DNS for reports.paypal.com.

May 12, 2016 Old SFTP IP addresses stop working.

Jun 17, 2016 After this date, Production API endpoints will start moving to the new standard (HTTP/1.1, TLS 1.2 and SHA-256 certificates)

Sep 30, 2016 IPN postbacks to www.paypal.com only allow HTTPS

Jan 1, 2018 All Certificate API Credentials must have been upgraded to the new standard.

In order to sort that, I would advise you to contact GoDaddy and see if they will be able to support those security format.

Florian

PP_Florian
  • 96
  • 3