0

I keep getting warnings from PayPal about TLS 1.2 and HTTP/1.1 Upgrade, saying that an update is needed. However, I've ran the following tests:

HTTP/1.1 Test

$ curl --head mywebsite.com

HTTP/1.1 302 Moved Temporarily
Server: nginx/1.9.2
Date: Thu, 31 May 2018 16:25:30 GMT
Content-Type: text/html
Content-Length: 160
Connection: keep-alive
Location: https://mywebsite.com

TLS 1.2 Test

I ran a PHP script I found, which I ran on my webserver

PayPal_Connection_OK

ssllabs.com tests

Protocols supported: TLS 1.0, TLS 1.1, TLS 1.2

HTTP Requests: https://mywebsite.com/ (HTTP/1.1 200 OK)

Questions

  1. Everything looks good. What am I missing?
  2. How would PayPal determine that my site needs a TLS 1.2 and HTTP/1.1 update?
Craig
  • 139
  • 1
  • 2
  • 12

1 Answers1

1

This turned out to be a cURL issue. cURL was defaulting to a TLSv1.x connection and not handshaking to a TLSv1.2 connection. I'd been barking up the wrong tree. The following steps on CentOS resolved my problem:

  1. Update the following 3 packages:

sudo yum update curl libcurl nss

  1. Restart nginx/apache*

sudo service nginx restart

sudo service hhvm restart

*Replace these with relevant services (e.g. apache, php-fpm, etc...)

Craig
  • 139
  • 1
  • 2
  • 12