Php-Paypal-Error: 14077410:Ssl Routines:Ssl23_Get_Server_Hello:Sslv3 Alert Handshake Failure

  • Home
  • Languages
  • PHP
  • Php-Paypal-Error: 14077410:Ssl Routines:Ssl23_Get_Server_Hello:Sslv3 Alert Handshake Failure

PayPal IPN OPENSSL error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure

According to SSLLabs this server only supports TLS 1.2, i.e. no TLS 1.1, TLS 1.0 or SSL 3.0.

My Current PHP version is 5.3. Recently I have updated it 5.2 to 5.3

Given that you are using a fairly old version of PHP chances are high that you are also using an older version of OpenSSL. The necessary support for TLS 1.2 was only added with OpenSSL version 1.0.1. To find out which version you are using you might use 

 php -r 'printf("0x%x\n", OPENSSL_VERSION_NUMBER);'

This should return at least 0x10001000 (i.e. version 1.0.1). Anything below has no support for TLS 1.2.

php-paypal-error: 14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure

If you are pointing to the Sandbox server, recently there were some updates made that would cause that specific error.

Below is the information and link from the PayPal Merchant Technical Support Microsite on the SHA-256 Upgrade:

Support SHA-256. PayPal is upgrading SSL certificates on all Live and Sandbox endpoints from SHA-1 to the stronger and more robust
SHA-256 algorithm. You will need to update your integration to support
certificates using SHA-256.

Discontinue use of the VeriSign G2 Root Certificate. In accordance with industry standards, PayPal will no longer honor secure
connections that require the VeriSign G2 Root Certificate for trust
validation. Only secure connection requests that are expecting our
certificate/trust chain to be signed by the G5 Root Certificate will
result in successful secure connections.

Directly from the PayPal MicroSite:
SSL Certificate Upgrade

On January 19-20, 2016 The Sandbox endpoints will be upgraded to new
SHA-256, 2048-bit certificates:

api.sandbox.paypal.com
api-3t.sandbox.paypal.com
api-aa.sandbox.paypal.com
api-aa-3t.sandbox.paypal.com
svcs.sandbox.paypal.com
pointofsale.sandbox.paypal.com
ipnpb.sandbox.paypal.com
www.sandbox.paypal.com (for IPN)

Here is the link to the PayPal User Guide with detailed instructions on changing your Certificate to a G5 Root Certificate.

Paypal can not connect to Sandbox server. Return error 14077410 (sslv3 alert handshake failure)

You'll have to switch the cURL request to use TLS 1.2 in order to use the PayPal sandbox. I'm in the same boat, and there's no way around it, unfortunately. They just activated the change on the sandbox environment a few days ago.

https://devblog.paypal.com/upcoming-security-changes-notice/

MAMP SSL error: error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure

The solution:

  1. brew install openssl
  2. Download and unpack the latest cURL

  3. In the cURL source directory: 

    LDFLAGS="-L/usr/local/opt/openssl/lib" CPPFLAGS="-I/usr/local/opt/openssl/include" ./configure --prefix=/Applications/MAMP/Library/
  4. make
  5. make install
  6. Restart MAMP

  7. In PHP, between curl_init and curl_exec:

    curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);

The explanation:

The path to finding the solution started with this site, which describes a different SSL error on MAMP, and suggests recompiling a fresh version of cURL with

--prefix=/Applications/MAMP/Library/ to overwrite the one MAMP uses. I tried this but it didn't work. Later, something possessed me to study the cURL compile options, and I noticed instructions for specifying a different version of OpenSSL when compiling it. I decided to give it a try (promising myself that this was the last attempt and then I would give up). I installed an up to date OpenSSL package with Homebrew, and its helpful post-install info said:

If you build your own software and it requires this formula, you'll need to add to your 
build variables:

LDFLAGS:  -L/usr/local/opt/openssl/lib
CPPFLAGS: -I/usr/local/opt/openssl/include

That looked similar to something I saw in the cURL compile options, which specified the correct syntax for the above:

LDFLAGS="-L/usr/local/opt/openssl/lib" CPPFLAGS="-I/usr/local/opt/openssl/include" ./configure

I added back in the --prefix=/Applications/MAMP/Library/, followed by the usual make and make install, restarted MAMP, and sighed with relief.

I later discovered that one of the cURL options I had thrown in from another website was also necessary to avoid a different SSL error ("SSL certificate problem: unable to get local issuer certificate"). Setting CURLOPT_SSL_VERIFYPEER to false solved that one for me.


Related Topics

Why Is MySQLi_Insert_Id() Always Returning 0

Find Array Key in Objects Array Given an Attribute Value

Function to Add Dashes to Us Phone Number in PHP

Best Way to Identify a User Uniquely

Sending JavaScript Object to PHP via Ajax

Remove Extra Spaces But Not Space Between Two Words

Find Windows 32 or 64 Bit Using PHP

Phpexcel Ziparchive Not Found

How to Assign PHP Array Values to JavaScript Array

How to Tag a User in a Photo Using the Facebook Graph API

How to Reference a Column Other Than 'Id' for a Joincolumn

Mail Not Sending with PHPmailer Over Ssl Using Smtp

Ssl Alternative - Encrypt Password with JavaScript Submit to PHP to Decrypt

Create a Zip File Using PHP Class Ziparchive Without Writing the File to Disk

What Is the Best Method for Getting a Database Connection/Object into a Function in PHP

Order Properties Should Not Be Accessed Directly - Woocommerce 3.0

PHP - Display a 404 Error Without Redirecting to Another Page

How to Connect an Oracle Database from PHP


Leave a reply



Submit