Skip to content
This repository has been archived by the owner on Sep 29, 2023. It is now read-only.

API auth failure #479

Closed
yoye opened this issue Jan 21, 2016 · 19 comments
Closed

API auth failure #479

yoye opened this issue Jan 21, 2016 · 19 comments
Labels

Comments

@yoye
Copy link

yoye commented Jan 21, 2016

When I'm trying to create a new payment on sandbox I've got an error. Here is the exception message : "error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure"

My SSL version : OpenSSL 1.0.1c 10 May 2012
SDK version : 1.6.4 (but same problem with 1.2)

@yoye yoye changed the title Cannot create payment on sandbox environment API auth failure Jan 21, 2016
@yoye
Copy link
Author

yoye commented Jan 21, 2016

After investigating, this seems to be related #474

I will close this issue if it works.

@jcshep
Copy link

jcshep commented Jan 21, 2016

I've updated my version of the SDK and I'm still receiving the same issue yoye.

@jaypatel512
Copy link
Contributor

Make sure you are using the correct PHP. Make sure to run php -f sample/tls/TlsCheck.php and verify if it is able to talk properly.

Also, I would recommend following instruction here: https://github.paypal.com/SDK-R/tls-update/blob/master/readme.md#php

@jcshep
Copy link

jcshep commented Jan 21, 2016

The message received is SUCCESS. Your system supports TLSv1.2

@imants-kusins
Copy link

Hi,

When running php -f sample/tls/TlsCheck.php I receive this message:
FAILURE: SECURITY WARNING: TLSV1.2 IS NOT SUPPORTED ON THIS SYSTEM. PLEASE UPGRADE YOUR CURL TO ATLEAST 7.34.0.
- CURRENT CURL VERSION: 7.43.0

and my cURL version is 7.43.0
which all leads to the error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure error

@Caffe1neAdd1ct
Copy link

Can you try running in a terminal:

php -r '$ch = curl_init(); curl_setopt($ch, CURLOPT_URL, "https://tlstest.paypal.com/"); curl_setopt($ch, CURLOPT_SSLVERSION, 6); var_dump(curl_exec($ch)); var_dump(curl_error($ch));'

@jcshep
Copy link

jcshep commented Jan 22, 2016

Here's my response:

PayPal_Connection_OKbool(true)
string(0) ""

On Fri, Jan 22, 2016 at 12:36 PM, Kevin Andrews [email protected]
wrote:

Can you try running in a terminal:

php -r '$ch = curl_init(); curl_setopt($ch, CURLOPT_URL, "
https://tlstest.paypal.com/"); curl_setopt($ch, CURLOPT_SSLVERSION, 6);
var_dump(curl_exec($ch)); var_dump(curl_error($ch));'


Reply to this email directly or view it on GitHub
#479 (comment)
.

@Caffe1neAdd1ct
Copy link

And if you run the same command without the CURLOPT_SSLVERSION option?:

php -r '$ch = curl_init(); curl_setopt($ch, CURLOPT_URL, "https://tlstest.paypal.com/"); var_dump(curl_exec($ch)); var_dump(curl_error($ch));'

@jcshep
Copy link

jcshep commented Jan 22, 2016

Same thing -
PayPal_Connection_OKbool(true)
string(0) "

On Fri, Jan 22, 2016 at 1:12 PM, Kevin Andrews [email protected]
wrote:

And if you run the same command without the CURLOPT_SSLVERSION option?:

php -r '$ch = curl_init(); curl_setopt($ch, CURLOPT_URL, "https://tlstest.paypal.com/"); var_dump(curl_exec($ch)); var_dump(curl_error($ch));'


Reply to this email directly or view it on GitHub
#479 (comment)
.

@Caffe1neAdd1ct
Copy link

You should be ok then, make sure to update SDK to 1.6.4 which has the CURLOPT_SSLVERSION set to 6.

@jcshep
Copy link

jcshep commented Jan 22, 2016

Thats where i'm stuck - I've updated to the SDK and I'm still getting SSL
protocol unsupported error. I'm running openSSL 0.98 on my local machine -
could that be the issue?

On the remote server it's working, and that version is 1.01. However, I
figured that because my TLS checks were working, my version of openSSL
should be fine. Also - funny thing is that if I switch it to live mode on
my local comuter I *can * connect without the SSL protocol warning.

On Fri, Jan 22, 2016 at 1:24 PM, Kevin Andrews [email protected]
wrote:

You should be ok then, make sure to update SDK to 1.6.4 which has the
CURLOPT_SSLVERSION set to 6.


Reply to this email directly or view it on GitHub
#479 (comment)
.

@Caffe1neAdd1ct
Copy link

I've tested on a CentOS 6 box with PHP 5.4 from scl and openssl v1.0.1 and it works.

Googling openssl 0.98 tls 1.2 gives:

Unfortunately, OpenSSL 0.9.8 doesn't support either TLS 1.1 or 1.2, and this support cannot be added

Looks like you've hit the nail on the head :-)

@Caffe1neAdd1ct
Copy link

Also I have the standard version of curl from CentOS 6 which is lower than the required version and it appears to work fine with TLS 1.2 and the test api... So I think the main requirements are:

PHP >= 5.3
Curl >= 7
Openssl >= 1.0.1

I'm not 100% on the PHP version as I've only tested with PHP 5.4, 5.5 & 5.6 so far.

@yoye
Copy link
Author

yoye commented Jan 25, 2016

@jaypatel512 when typing php -f sample/tls/TlsCheck.php

got this response (1) FAILURE: SECURITY WARNING: TLSV1.2 IS NOT SUPPORTED ON THIS SYSTEM. PLEASE UPGRADE YOUR CURL TO ATLEAST 7.34.0.<BR /> - CURRENT CURL VERSION: 7.39.0<BR /> - CURRENT OPENSSL VERSION:OPENSSL/1.0.1C
which seems really weird.

Your link https://github.paypal.com/SDK-R/tls-update/blob/master/readme.md#php is currently broken.

@jaypatel512
Copy link
Contributor

Hey @yoye !

Corrected Link : https://github.com/paypal/TLS-update/blob/master/README.md#php

There is a good chance that your cli and web php version are not the same. The best way to determine that is by running php --version on command line, and use a web browser to open php info and confirm if openssl versions on both are similar, and has proper openssl version.

@yoye
Copy link
Author

yoye commented Jan 25, 2016

cURL version are the same on both CLI and web.

@jaypatel512
Copy link
Contributor

Hey @yoye !

I have fixed the link to tls-update in samples. I would recommend running samples in a localhost web server, by following instructions here: https://github.com/paypal/PayPal-PHP-SDK/wiki/Samples#instructions

And run the tls-check sample, and see if you are seeing the same error.

@yoye
Copy link
Author

yoye commented Jan 28, 2016

Thank you but it seem's that my openssl version is not correct. I've got 1.0.1c perhaps the sample could throw a warning for this.

@jaypatel512
Copy link
Contributor

You can follow up on the tls version issue on the following thread: #484

Closing this issue, as a duplicate.

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
Projects
None yet
Development

No branches or pull requests

5 participants