32

I am working with Expresscheckout on Paypal, For single time Users payment integration. Working flow 1st create token and user redirect to paypal page and success to my return url page. 1.SetExpressCheckout 2. DoExpressCheckoutPayment

My Problem: 1.Now i need to set ipn for this payment system. 2.My notify url is not working on simulator.It gives error(IPN was not sent, and the handshake was not verified. Please review your information.) https://developer.paypal.com/developer/ipnSimulator/

I need some help for this is not set on my side. Please help me out on this.

Thank you in advance.

shashik493
  • 790
  • 1
  • 10
  • 12
  • 1
    Follow the steps here for [testing PayPal IPN](https://www.angelleye.com/test-paypal-ipn/) and you should be able to find your problem. – Drew Angell Sep 15 '15 at 21:49
  • 1
    99% sure the simulator was just broken for me. Went ahead and tested using sandbox environment instead and everything works fine. – Kevin Wheeler Aug 20 '16 at 00:28
  • 1
    @kevinWheeler what do you mean? Could you elaborate on how you tested "using sandbox environment"? Edit: I think I got it... it's a whole new testing system under www.sandbox.paypal.com – Nilzor Sep 09 '16 at 18:29
  • I have the same error today. Mostly the ipn-listner script got error. So, I check the error log and fixed the error in my script and the error on IPN stimulator is gone. – Dat TT Feb 04 '17 at 15:53

4 Answers4

21

The handshake error is most likely to occur when your server/keystore config is non-compliant with the upgraded PayPal SSL encryption algorithms.

IPN simulator will connect againest the PayPal Sandbox environment, which has been upgraded with Versign G5 root cert / SHA-2 encryption algorithms (btw this is an industry standard as supposed to be everywhere in 2016). Once your IPN host failed to meet the compliance, the SSL connnection will error out with handshake problems.

Simply check your server by running a connection script against the PayPal sandbox endpoint like this:

openssl s_client -connect api-3t.sandbox.paypal.com:443 -showcerts -CApath /etc/ssl/certs/

If you were not getting an Verify return code: 0 (ok), you would probably have to check the cert/SHA-2 compatibility, following the general instructions that PayPal has published here:

2015-2016 SSL Certificate Change Microsite

pp_pduan
  • 3,392
  • 1
  • 9
  • 15
  • 2
    I'm getting the same error and I'm using SH2 encryption algorithms. When testing with your openssl command, I'm also getting the `Verify return cod: 0 (ok)` plus a lot of other things. What could be wrong? – Uriel Hernández Sep 25 '15 at 20:34
  • Try make a manual sandbox transaction with form button, and point the `notify_url` to your IPN listener, sample url request: `https://www.sandbox.paypal.com/cgi-bin/webscr?cmd=_xclick&business=usm%40email.com&item_name=test&amount=1.00&currency_code=USD&no_shipping=1&return=http%3A%2F%2Flychee-vip.ccg21.dev.paypalcorp.com%2Ftools%2Fpdt.php&notify_url=https%3A%2F%2Fbt-pduan-1.c9.io%2Fipn.php&cancel_return=http%3A%2F%2Flychee-vip.ccg21.dev.paypalcorp.com%2F&submit.x=147&submit.y=17` – pp_pduan Sep 26 '15 at 14:29
  • Still not getting anything, it doesn't seem to appear in my logs either. Checking other people's code, I'm wondering if I could get an error if I'm not validating the IPN, I mean, is it necessary to resend the notification params to PayPal, or that is just a security hole but not an error. – Uriel Hernández Sep 28 '15 at 22:44
  • 2
    Two parts to look into: 1-Is the IPN message ever captured by your script?Check the web server access log & route/firewall settings that might block PayPal posts to your server / 2-Did your script get the verification response when it posts back the params to PayPal? Either `Verified` or `Invalid` would be returned. To answer your last concern, POST-Back is the secure manner to verifiy (and only to verify) the messages, or your may skip it by setting up your own authenticating rules e.g. check if it's coming from PayPal IP addresses. – pp_pduan Sep 29 '15 at 02:00
  • 1
    In my case I was adding a variable to the end of my url like this ?tid=701 After removing that from the end of the URL the handshake was completed and the ipn began to work again. – iconMatrix Sep 30 '15 at 21:19
  • 3
    I have the same issue but i have zero idea what you guys are talking about lol @pp_pduan – Alain Goldman Nov 12 '15 at 07:48
  • The openssl command appears to check for SSLv3 (on my Mac, at least): `35771:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure ...`. SSLv3 has been deemed unsafe and is rejected by Paypal. Not sure how to fix this, though. – Thomas Tempelmann Oct 02 '17 at 08:39
  • In my case the IPN is working for real transactions, but the simulator does not work, i get the same error. – delphirules Dec 11 '18 at 12:54
  • 1
    Dead link. Would have been nice if more info was included in the answer. – CoryCoolguy Aug 10 '19 at 17:29
2

I was having the same issue. A workaround to test IPN messages would be to actually setup IPN notification URL on your Sandbox business account and test it from there.

  • Login to https://sandbox.paypal.com with your sandbox business account (sb-xyz@business.example.com)
  • Navigate to your Account Settings page
  • Website Payments
  • Update Instant payment notifications
  • set your notification URL there.

Make sure, your IPN listener is not behind firewall and is directly accessible from outside world.

bhu1st
  • 1,282
  • 11
  • 23
1

PayPal's Response:

"Thank you for contacting PayPal Merchant Technical Services, I apologize for the delay in responding to your email.

We are aware of this issue with our IPN Simulator and our development team is working on a fix. Until this issue is fixed, I'd suggest running your IPN tests by making payments in Sandbox as we do send IPN requests with every payment.

If you have a similar issue with your payment tests, please let us know and we can take a look.

My apologies for the inconvenience caused."

Program-Me-Rev
  • 6,184
  • 18
  • 58
  • 142
  • 1
    My problem is that it looks like this error is genuine as the script isn't working either, but the connection can be seen in access logs. This IPN Simulator error you're talking about is flooding search results and making mine impossible to find a fix for. All tests, command line, remote testing sites, etc are coming back fine and correct TLS versions etc, as they should do as that server is currently hosting 2 other sites that work with PayPal fine. – David Bell Nov 09 '16 at 17:25
0

Use another domain name. The problem is dns.

Babbo Natale
  • 81
  • 1
  • 3