PayPal IPN OPENSSL error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure
According to SSLLabs this server only supports TLS 1.2, i.e. no TLS 1.1, TLS 1.0 or SSL 3.0.
Given that you are using a fairly old version of PHP chances are high that you are also using an older version of OpenSSL. The necessary support for TLS 1.2 was only added with OpenSSL version 1.0.1. To find out which version you are using you might useMy Current PHP version is 5.3. Recently I have updated it 5.2 to 5.3
php -r 'printf("0x%x\n", OPENSSL_VERSION_NUMBER);'
This should return at least 0x10001000 (i.e. version 1.0.1). Anything below has no support for TLS 1.2. php-paypal-error: 14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure
If you are pointing to the Sandbox server, recently there were some updates made that would cause that specific error.
Below is the information and link from the PayPal Merchant Technical Support Microsite on the SHA-256 Upgrade:
Directly from the PayPal MicroSite:Support SHA-256. PayPal is upgrading SSL certificates on all Live and Sandbox endpoints from SHA-1 to the stronger and more robust
SHA-256 algorithm. You will need to update your integration to support
certificates using SHA-256.
Discontinue use of the VeriSign G2 Root Certificate. In accordance with industry standards, PayPal will no longer honor secure
connections that require the VeriSign G2 Root Certificate for trust
validation. Only secure connection requests that are expecting our
certificate/trust chain to be signed by the G5 Root Certificate will
result in successful secure connections.
SSL Certificate Upgrade
Here is the link to the PayPal User Guide with detailed instructions on changing your Certificate to a G5 Root Certificate.On January 19-20, 2016 The Sandbox endpoints will be upgraded to new
SHA-256, 2048-bit certificates:api.sandbox.paypal.com
api-3t.sandbox.paypal.com
api-aa.sandbox.paypal.com
api-aa-3t.sandbox.paypal.com
svcs.sandbox.paypal.com
pointofsale.sandbox.paypal.com
ipnpb.sandbox.paypal.com
www.sandbox.paypal.com (for IPN)
Paypal can not connect to Sandbox server. Return error 14077410 (sslv3 alert handshake failure)
You'll have to switch the cURL request to use TLS 1.2 in order to use the PayPal sandbox. I'm in the same boat, and there's no way around it, unfortunately. They just activated the change on the sandbox environment a few days ago.
https://devblog.paypal.com/upcoming-security-changes-notice/
MAMP SSL error: error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure
The solution:
brew install openssl
- Download and unpack the latest cURL
In the cURL source directory:
LDFLAGS="-L/usr/local/opt/openssl/lib" CPPFLAGS="-I/usr/local/opt/openssl/include" ./configure --prefix=/Applications/MAMP/Library/
make
make install
- Restart MAMP
In PHP, between
curl_init
andcurl_exec
:curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
The path to finding the solution started with this site, which describes a different SSL error on MAMP, and suggests recompiling a fresh version of cURL with--prefix=/Applications/MAMP/Library/
to overwrite the one MAMP uses. I tried this but it didn't work. Later, something possessed me to study the cURL compile options, and I noticed instructions for specifying a different version of OpenSSL when compiling it. I decided to give it a try (promising myself that this was the last attempt and then I would give up). I installed an up to date OpenSSL package with Homebrew, and its helpful post-install info said:
If you build your own software and it requires this formula, you'll need to add to your
build variables:
LDFLAGS: -L/usr/local/opt/openssl/lib
CPPFLAGS: -I/usr/local/opt/openssl/include
That looked similar to something I saw in the cURL compile options, which specified the correct syntax for the above:LDFLAGS="-L/usr/local/opt/openssl/lib" CPPFLAGS="-I/usr/local/opt/openssl/include" ./configure
I added back in the --prefix=/Applications/MAMP/Library/
, followed by the usual make
and make install
, restarted MAMP, and sighed with relief. I later discovered that one of the cURL options I had thrown in from another website was also necessary to avoid a different SSL error ("SSL certificate problem: unable to get local issuer certificate"). Setting CURLOPT_SSL_VERIFYPEER
to false solved that one for me.
Related Topics
Why Is MySQLi_Insert_Id() Always Returning 0
Find Array Key in Objects Array Given an Attribute Value
Function to Add Dashes to Us Phone Number in PHP
Best Way to Identify a User Uniquely
Sending JavaScript Object to PHP via Ajax
Remove Extra Spaces But Not Space Between Two Words
Find Windows 32 or 64 Bit Using PHP
How to Assign PHP Array Values to JavaScript Array
How to Tag a User in a Photo Using the Facebook Graph API
How to Reference a Column Other Than 'Id' for a Joincolumn
Mail Not Sending with PHPmailer Over Ssl Using Smtp
Ssl Alternative - Encrypt Password with JavaScript Submit to PHP to Decrypt
Create a Zip File Using PHP Class Ziparchive Without Writing the File to Disk
What Is the Best Method for Getting a Database Connection/Object into a Function in PHP
Order Properties Should Not Be Accessed Directly - Woocommerce 3.0
PHP - Display a 404 Error Without Redirecting to Another Page