CURL和PHP SSLv3错误，并且无法使用TLS

Question

I am trying to connect to PayPal sandbox using CURL. I've searched both this website and many others trying to find the right answer however, none, and I mean none, have worked for me and I still get the error:

SetExpressCheckout failed: error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure ( 35 )

I have the following CURL and PHP installed (It is bought and shared hosting so I cannot upgrade anything).

• Curl Verison: 7.36.0
• SSL Version: OpenSSL/0.9.8b
• PHP Version: 5.4.45

The code I am currently using:

class MyPayPal {
    function PPHttpPost($methodName_, $nvpStr_, $PayPalApiUsername, $PayPalApiPassword, $PayPalApiSignature, $PayPalMode) {
        // Set up your API credentials, PayPal end point, and API version.
        $API_UserName = urlencode($PayPalApiUsername);
        $API_Password = urlencode($PayPalApiPassword);
        $API_Signature = urlencode($PayPalApiSignature);

        $paypalmode = ($PayPalMode=='sandbox') ? '.sandbox' : '';

        $API_Endpoint = "https://api-3t".$paypalmode.".paypal.com/nvp";
        $version = urlencode('109.0');

        // Set the curl parameters.
        $ch = curl_init();
        curl_setopt($ch, CURLOPT_SSLVERSION, 4);
        curl_setopt($ch, CURLOPT_SSL_CIPHER_LIST, 'TLSv1');

        curl_setopt($ch, CURLOPT_URL, $API_Endpoint);
        curl_setopt($ch, CURLOPT_VERBOSE, 1);

        // Turn off the server and peer verification (TrustManager Concept).
        curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, FALSE);
        curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, FALSE);
        curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
        curl_setopt($ch, CURLOPT_POST, 1);

        // Set the API operation, version, and API signature in the request.
        $nvpreq = "METHOD=$methodName_&VERSION=$version&PWD=$API_Password&USER=$API_UserName&SIGNATURE=$API_Signature$nvpStr_";

        // Set the request as a POST FIELD for curl.
        curl_setopt($ch, CURLOPT_POSTFIELDS, $nvpreq);

        // Get response from the server.
        $httpResponse = curl_exec($ch);

        if(!$httpResponse) {
            exit("<span style='font-family: Verdana'><strong>$methodName_ failed: </strong>".curl_error($ch).'<strong> (</strong> '.curl_errno($ch).' <strong>)</strong></span>');
        }

        // Extract the response details.
        $httpResponseAr = explode("&", $httpResponse);

        $httpParsedResponseAr = array();
        foreach ($httpResponseAr as $i => $value) {
            $tmpAr = explode("=", $value);
            if(sizeof($tmpAr) > 1) {
                $httpParsedResponseAr[$tmpAr[0]] = $tmpAr[1];
            }
        }

        if((0 == sizeof($httpParsedResponseAr)) || !array_key_exists('ACK', $httpParsedResponseAr)) {
            exit("Invalid HTTP Response for POST request($nvpreq) to $API_Endpoint.");
        }

    return $httpParsedResponseAr;
}

}

It doesn't matter what I do, I cannot seem to conquer this error. :( Any guidance will be helpful.

Answer 1

Paypal now supports only TLS 1.2 on the sandbox (and in June the same will apply to production systems). If you want to use TLS 1.2 you'll need to upgrade to OpenSSL 1.0.1+ as a minimum, and then you'll be able to set CURLOPT_SSLVERSION to 6 (TLS 1.2). If you want TLS 1.2 to be used automatically during SSL requests, you'll also need to upgrade to PHP 5.5.19+ (this is the ideal solution but many projects are still on older PHP versions).

However, you've said you're on shared hosting and can't upgrade the software yourself...so you're out of luck. My advice would be to get away from whatever hosting provider is still stuck on OpenSSL 0.9.8.

Reference: https://devblog.paypal.com/upcoming-security-changes-notice/