PayPal: Error during SSL Handshake with remote server

Question

Issue was originaly discussed: PayPal Sandbox 500 Proxy Error- PayPal Adaptive https://www.paypal-community.com/t5/About-Payments/Adaptive-payment-api-is-sending-Proxy-error/m-p/1091510

It seems that issue is returned back I am getting

<!DOCHTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
    <html><head>
    <title>500 Proxy Error</title>
    </head><body>
    <h1>Proxy Error</h1>
    The proxy server could not handle the request <em><a href="/AdaptiveAccounts/GetVerifiedStatus">POST&nbsp;/AdaptiveAccounts/GetVerifiedStatus</a></em>.<p>
    Reason: <strong>Error during SSL Handshake with remote server</strong></p><p />
    </body></html>

On any request without code change on my side. Does anybody has this issue?

To be more specific I created a curl request which is reproduce my issue:

curl 'https://svcs.sandbox.paypal.com/AdaptiveAccounts/GetVerifiedStatus' -X POST -H 'X-PAYPAL-REQUEST-DATA-FORMAT: NV' -H 'X-PAYPAL-RESPONSE-DATA-FORMAT: NV'  -H 'X-PAYPAL-DEVICE-IPADDRESS: 10.10.44.75' -H 'X-PAYPAL-REQUEST-SOURCE: adaptiveaccounts-php-sdk-3.10.2'  -H 'User-Agent: PayPalSDK/adaptiveaccounts-php-sdk 3.10.2 (lang=PHP;v=7.0.9;bit=64;os=Linux_2.6.32-042stab103.6;machine=x86_64;openssl=1.0.1e-fips;curl=7.19.7)' -H 'X-PAYPAL-APPLICATION-ID: APP-XXXXXXXXXXXX' -H 'X-PAYPAL-SECURITY-USERID: ikhaldeev-facilitator_api1.dev.football.com' -H 'X-PAYPAL-SECURITY-PASSWORD: XXXXXXXXXXXX' -H'X-PAYPAL-SECURITY-SIGNATURE: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX' -d 'accountIdentifier.emailAddress=paypalbiz%40example.com&matchCriteria=NAME&^CrstName=Test&lastName=Test'  --tlsv1.2

On this request I hot response:

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>500 Proxy Error</title>
</head><body>
<h1>Proxy Error</h1>
The proxy server could not handle the request <em><a href="/AdaptiveAccounts/GetVerifiedStatus">POST&nbsp;/AdaptiveAccounts/GetVerifiedStatus</a></em>.<p>
Reason: <strong>Error during SSL Handshake with remote server</strong></p><p />
</body></html>

As you can see I specified TLSv1.2 in curl command moreover if I will execute the same command from one of our server which does not support TLSv1.2(this server doesnot work with paypal), I get another error

curl 'https://svcs.sandbox.paypal.com/AdaptiveAccounts/GetVerifiedStatus' -X POST -H 'X-PAYPAL-REQUEST-DATA-FORMAT: NV' -H 'X-PAYPAL-RESPONSE-DATA-FORMAT: NV'  -H 'X-PAYPAL-DEVICE-IPADDRESS: 10.10.44.75' -H 'X-PAYPAL-REQUEST-SOURCE: adaptiveaccounts-php-sdk-3.10.2'  -H 'User-Agent: PayPalSDK/adaptiveaccounts-php-sdk 3.10.2 (lang=PHP;v=7.0.9;bit=64;os=Linux_2.6.32-042stab103.6;machine=x86_64;openssl=1.0.1e-fips;curl=7.19.7)' -H 'X-PAYPAL-APPLICATION-ID: APP-XXXXXXXXXXXX' -H 'X-PAYPAL-SECURITY-USERID: ikhaldeev-facilitator_api1.dev.football.com' -H 'X-PAYPAL-SECURITY-PASSWORD: XXXXXXXXXXXX' -H'X-PAYPAL-SECURITY-SIGNATURE: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX' -d 'accountIdentifier.emailAddress=paypalbiz%40example.com&matchCriteria=NAME&^CrstName=Test&lastName=Test'

Response:

curl: (35) SSL connect error

As you could see this is another error. Ofcourse I use correct credentials, appId and etc.

Answer 1

That error means your server is not sending the HTTP request via the TLS 1.2 protocol, which PayPal requires in the Sandbox and will require on the Live servers next year.

More details available here. Most importantly,

If you want to use TLS 1.2 you’ll need to upgrade to OpenSSL 1.0.1 as a minimum, and then you’ll be able to set CURLOPT_SSLVERSION to 6 (TLS 1.2).

If you want TLS 1.2 to be used automatically during SSL requests, you’ll also need to upgrade to PHP 5.5.19+ (this is the ideal solution but many projects are still on older PHP versions).

That is assuming you're using PHP, of course. If not, then you'll just need to make sure to get TLS 1.2 working with whatever software stack you're using.