TLS 1.2 support

[guiwoda]

According to https://devblog.paypal.com/upcoming-security-changes-notice/ Paypal is turning off SSL support in June 17, but I'm receiving errors from apps on sandbox right now as well.

Should we expect the library to change to TLS 1.2 by default?
Is there anything I can do to help you with that?

Cheers!

[DMeganoski]

Yes, I have been getting errors on our test server for about a week, though oddly not from my local machine. The test server is not my personal paypal account, though.

I need this to continue testing my application, though. D:

I can try using my personal sandbox credentials, but I fear that account is soon to be affected as well. Does anyone know of a temporary fix?

[guiwoda]

You can pass a customized Guzzle\Http\Client with CURLOPT_SSLVERSION => 6
to work around it. (6 is CURL_SSLVERSION_TLSv1_2 but somehow I didn't have
it declared in php 5.6.12).

El mar., 26 de ene. de 2016 19:02, Darryl Meganoski <
notifications@github.com> escribió:

Yes, I have been getting errors on our test server for about a week,
though oddly not from my local machine. The test server is not my personal
paypal account, though.

I need this to continue testing my application, though. D:

I can try using my personal sandbox credentials, but I fear that account
is soon to be affected as well. Does anyone know of a temporary fix?

—
Reply to this email directly or view it on GitHub
#103 (comment)
.

[delatbabel]

What you will probably need to do as well, and what we ended up having to do, is to upgrade your version of libcurl and related libraries to support TLS 1.2. The version of TLS is actually auto-negotiated by the client (curl) and the server (apache/nginx/whatever) so if your libcurl doesn't support TLS 1.2 you're going nowhere.

If you're on CentOS 6 for example, the supplied libcurl does not support TLS 1.2. Try this:

rpm -Uvh http://www.city-fan.org/ftp/contrib/yum-repo/city-fan.org-release-1-12.rhel6.noarch.rpm
yum -y install libcurl
yum -y update

[delatbabel]

My understanding is that libcurl versions > 7.40 should do the trick. libcurl for CentOS 6 is 7.19.

[DMeganoski]

My local machine has 7.39, I'll have to check the server. Thanks for the tips, I'll see if I can get this working later today.

[guiwoda]

It works on CentOS with libcurl v7.19.7-46

Scratch that, I'm having issues in my live environment with that version. But not in Vagrant. Odd.

[Elodis]

I've updated ran a composer update, confirmed latest version of omnipay/paypal as well as performed the libcurl update instructions above:

Package libcurl-7.47.0-1.0.cf.rhel6.x86_64 installed and latest version

Still getting the "[curl] 35" error when using Sandbox. No mention of the SSLv3 error however as in #104

Any Ideas?

Also, the rpm address you mention http://www.city-fan.org/ftp/contrib/yum-repo/city-fan.org-release-1-12.rhel6.noarch.rpm has since been moved and now causes a 404.. I grabbed:

http://www.city-fan.org/ftp/contrib/yum-repo/city-fan.org-release-1-13.rhel6.noarch.rpm

--- Update ---

I also performed the command line test:
$ php -r '$ch = curl_init(); curl_setopt($ch, CURLOPT_URL, "https://tlstest.paypal.com/"); var_dump(curl_exec($ch));'

and got the success message "PayPal_Connection_OK bool(true)" , so I'm pretty sure the server is ok

per: https://github.com/paypal/TLS-update

--- Final Update ---

As a last effort, did an httpd restart and everything seems to be working so far...sorry for the confusion. I can delete this or leave it in case it might help someone else.

[delatbabel]

Ah OK -- yes a http restart would be required to pick up the newer version of libcurl, in fact I would be inclined to do a reboot when updating such a low level library as it could be embedded in all sorts of stuff.

[lukeholder]

Since this was top result in my search, I will leave this here for MAMP users with this issue: paypal/PayPal-PHP-SDK#484 (comment)