search

paypal / merchant-sdk-php

PHP SDK for integrating with PayPal's Express Checkout / MassPay / Web Payments Pro APIs
Other
231 stars 201 forks source link

Unsupported SSL protocol version error #107

Closed speller closed 8 years ago

speller commented 8 years ago

Required Information

Receive the error "Unsupported SSL protocol version" when running under live configuration. The issue is in CURL config. It work fine if I hardcode the CURL_SSLVERSION value to 4. With 5 or 6 it cause error.

The problem is I can not set the config value without hardcoding the package insights. It is no way to set it up.

ppmtscory commented 8 years ago

We'll have somebody take a look and get back to you here.

jaypatel512 commented 8 years ago

Hey @speller !

I wanted to confirm with you that the openssl version you have mentioned is the one you see in your curl, and not by running openssl version on a command line. PHP curl library has its own set of openssl library which is different from openssl.so module that you package along with php.

To find out the proper details of what version of openssl your curl is using, you may want to print print_r(curl_version()); in your browser, and verify that.

Based on the CURLOPT_SSLVERSION, you may be able to use either CURL_SSLVERSION_TLSv1(1) or CURL_SSLVERSION_TLSv1_2 (6).

Currently, based on TLS updates, sandbox environment currently has a TLSv1.2 only setup, however, live environment is scheduled for next year. We wish to make sure that you use the proper setup now, so that when the live environment is restricted to TLSv1.2 only, you will not face any issues. That is why it is very important to verify that the code you write on live should also work on sandbox.

I am easily able to work with sandbox and live using following details:

# CURLOPT_SSLVERSION => CURL_SSLVERSION_TLSv1(1), or CURL_SSLVERSION_TLSv1_2(6)
> echo json_encode(curl_version());
{
    "version_number": 471297,
    "age": 3,
    "features": 573981,
    "ssl_version_number": 0,
    "version": "7.49.1",
    "host": "x86_64-apple-darwin15.5.0",
    "ssl_version": "OpenSSL\/1.0.2h",
    "libz_version": "1.2.5",
    "protocols": ["dict", "file", "ftp", "ftps", "gopher", "http", "https", "imap", "imaps", "ldap", "ldaps", "pop3", "pop3s", "rtsp", "smb", "smbs", "smtp", "smtps", "telnet", "tftp"]
}
jaypatel512 commented 8 years ago

Closing this issue. For any TLS issues, please refer to https://github.com/paypal/TLS-update repository. We are adding more and more details for each language.