Geek Answers Handbook

PayPal TLS Test Test URL - PHP curl SSL protocol twist error

I am trying to test a new PayPal testing endpoint: https://tlstest.paypal.com .

Take a look at the very bottom of this page: TLS 1.2 and HTTP / 1.1 Upgrade Microsite (check your ...).

I am using PHP (5.3.28) and curl (7.30.0 - OpenSSL / 0.9.8y - libssh2 / 1.4.2) on Windows Server 2008 R2 and IIS 7.5:

 $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, 'https://tlstest.paypal.com'); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_FAILONERROR, true); curl_setopt($ch, CURLOPT_SSLVERSION, 6); // CURL_SSLVERSION_TLSv1_2 $result = curl_exec($ch); echo 'result = '.$result.'<br>'; echo 'errno = '.curl_errno($ch).'<br>'; echo 'error = '.curl_error($ch).'<br>'; curl_close($ch);

I get this error:

35 Unknown SSL protocol error due to tlstest.paypal.com-00-0043

I found this: Github is an unknown SSL protocol error in which someone says:

Openssl must be 1.0.1 or higher for TLS 1.2.

It is right..?

My PHP OpenSSL is on version: OpenSSL/0.9.8y (from phpinfo() ).

If you need OpenSSL 1.0.1 or higher to use TLS 1.2, then presumably every server running PHP with a smaller version of OpenSSL (I assume a lot!) Will not be able to use any PayPal or PayPal IPN APIs in the near future.

How to update PHP version of OpenSSL on Windows ..?

+6
source share
1 answer

It works for me now. TLS 1.2 seems to require at least OpenSSL / 1.0.1i .

I upgraded my version of PHP to 5.6.0, which upgraded OpenSSL to version 1.0.1.

I also needed:

  • Use curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true); to verify the certificate. By default, true is cURL 7.10.
  • Save cacert.pem from http://curl.haxx.se/docs/caextract.html locally (in my case c: \ cert), then update the PHP ini that you use for the cacert.pem link as shown here . Using the ini file allows you to use curl_setopt($ch, CURLOPT_CAINFO, dirname(__FILE__) . '\cacert.pem'); in every call.
+1
source

More articles:


All Articles