API auth failure

[yoye]

When I'm trying to create a new payment on sandbox I've got an error. Here is the exception message : "error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure"

My SSL version : OpenSSL 1.0.1c 10 May 2012
SDK version : 1.6.4 (but same problem with 1.2)

[yoye]

After investigating, this seems to be related #474

I will close this issue if it works.

[jcshep]

I've updated my version of the SDK and I'm still receiving the same issue yoye.

[jaypatel512]

Make sure you are using the correct PHP. Make sure to run php -f sample/tls/TlsCheck.php and verify if it is able to talk properly.

Also, I would recommend following instruction here: https://github.paypal.com/SDK-R/tls-update/blob/master/readme.md#php

[jcshep]

The message received is SUCCESS. Your system supports TLSv1.2

[imants-kusins]

Hi,

When running php -f sample/tls/TlsCheck.php I receive this message:
FAILURE: SECURITY WARNING: TLSV1.2 IS NOT SUPPORTED ON THIS SYSTEM. PLEASE UPGRADE YOUR CURL TO ATLEAST 7.34.0.
- CURRENT CURL VERSION: 7.43.0

and my cURL version is 7.43.0
which all leads to the error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure error

[Caffe1neAdd1ct]

Can you try running in a terminal:

php -r '$ch = curl_init(); curl_setopt($ch, CURLOPT_URL, "https://tlstest.paypal.com/"); curl_setopt($ch, CURLOPT_SSLVERSION, 6); var_dump(curl_exec($ch)); var_dump(curl_error($ch));'

[jcshep]

Here's my response:

PayPal_Connection_OKbool(true)
string(0) ""

On Fri, Jan 22, 2016 at 12:36 PM, Kevin Andrews notifications@github.com
wrote:

Can you try running in a terminal:

php -r '$ch = curl_init(); curl_setopt($ch, CURLOPT_URL, "
https://tlstest.paypal.com/"); curl_setopt($ch, CURLOPT_SSLVERSION, 6);
var_dump(curl_exec($ch)); var_dump(curl_error($ch));'

—
Reply to this email directly or view it on GitHub
#479 (comment)
.

[Caffe1neAdd1ct]

And if you run the same command without the CURLOPT_SSLVERSION option?:

php -r '$ch = curl_init(); curl_setopt($ch, CURLOPT_URL, "https://tlstest.paypal.com/"); var_dump(curl_exec($ch)); var_dump(curl_error($ch));'

[jcshep]

Same thing -
PayPal_Connection_OKbool(true)
string(0) "

On Fri, Jan 22, 2016 at 1:12 PM, Kevin Andrews notifications@github.com
wrote:

And if you run the same command without the CURLOPT_SSLVERSION option?:

php -r '$ch = curl_init(); curl_setopt($ch, CURLOPT_URL, "https://tlstest.paypal.com/"); var_dump(curl_exec($ch)); var_dump(curl_error($ch));'

—
Reply to this email directly or view it on GitHub
#479 (comment)
.

[Caffe1neAdd1ct]

You should be ok then, make sure to update SDK to 1.6.4 which has the CURLOPT_SSLVERSION set to 6.

[jcshep]

Thats where i'm stuck - I've updated to the SDK and I'm still getting SSL
protocol unsupported error. I'm running openSSL 0.98 on my local machine -
could that be the issue?

On the remote server it's working, and that version is 1.01. However, I
figured that because my TLS checks were working, my version of openSSL
should be fine. Also - funny thing is that if I switch it to live mode on
my local comuter I *can * connect without the SSL protocol warning.

On Fri, Jan 22, 2016 at 1:24 PM, Kevin Andrews notifications@github.com
wrote:

You should be ok then, make sure to update SDK to 1.6.4 which has the
CURLOPT_SSLVERSION set to 6.

—
Reply to this email directly or view it on GitHub
#479 (comment)
.

[Caffe1neAdd1ct]

I've tested on a CentOS 6 box with PHP 5.4 from scl and openssl v1.0.1 and it works.

Googling openssl 0.98 tls 1.2 gives:

Unfortunately, OpenSSL 0.9.8 doesn't support either TLS 1.1 or 1.2, and this support cannot be added

Looks like you've hit the nail on the head :-)

[Caffe1neAdd1ct]

Also I have the standard version of curl from CentOS 6 which is lower than the required version and it appears to work fine with TLS 1.2 and the test api... So I think the main requirements are:

PHP >= 5.3
Curl >= 7
Openssl >= 1.0.1

I'm not 100% on the PHP version as I've only tested with PHP 5.4, 5.5 & 5.6 so far.

[yoye]

@jaypatel512 when typing php -f sample/tls/TlsCheck.php

got this response (1) FAILURE: SECURITY WARNING: TLSV1.2 IS NOT SUPPORTED ON THIS SYSTEM. PLEASE UPGRADE YOUR CURL TO ATLEAST 7.34.0.<BR /> - CURRENT CURL VERSION: 7.39.0<BR /> - CURRENT OPENSSL VERSION:OPENSSL/1.0.1C
which seems really weird.

Your link https://github.paypal.com/SDK-R/tls-update/blob/master/readme.md#php is currently broken.

[jaypatel512]

Hey @yoye !

Corrected Link : https://github.com/paypal/TLS-update/blob/master/README.md#php

There is a good chance that your cli and web php version are not the same. The best way to determine that is by running php --version on command line, and use a web browser to open php info and confirm if openssl versions on both are similar, and has proper openssl version.

[yoye]

cURL version are the same on both CLI and web.

[jaypatel512]

Hey @yoye !

I have fixed the link to tls-update in samples. I would recommend running samples in a localhost web server, by following instructions here: https://github.com/paypal/PayPal-PHP-SDK/wiki/Samples#instructions

And run the tls-check sample, and see if you are seeing the same error.

[yoye]

Thank you but it seem's that my openssl version is not correct. I've got 1.0.1c perhaps the sample could throw a warning for this.

[jaypatel512]

You can follow up on the tls version issue on the following thread: #484

Closing this issue, as a duplicate.