2

I have a site that is working perfectly since several months by implementing a expresscheckout based on NVP API Call.

I use both my own development user *-facilitator@xxx and the API credentials.

The fact is that I have not changed anything but since yesterday when I execute my call to the server https://api-3t.sandbox.paypal.com/nvp with the following string the server responses nothing.

USER=sdk-three_api1.sdk.com&PWD=QFZCWN5HZM8VBG7Q&SIGNATURE=A-IzJhZZjhg29XQ2qnhapuwxIDzyAZQ92FRP5dqBzVesOkzbdUONzmOU&VERSION=202&PAYMENTREQUEST_0_PAYMENTACTION=Sales&PAYMENTREQUEST_0_AMT=6&RETURNURL=https://www.alasediciones.com/detalles_pedido&CANCELURL=https://www.alasediciones.com/error&METHOD=SetExpressCheckout

What is it happening? What thing do I have to fix?

It is very strange.... Please, I need a solution because the next week y Company will be running.

Thank you

Fernando Llorente Haya
  • 21
  • 2
  • Need to see the actual HTTP POST result. If you're using cURL and you're getting a "blank" response then you should have some sort of a curl error. My guess is that it has something to do with ssl handshake failure, but you need to see the curl error to confirm. – Drew Angell Jan 23 '16 at 07:50
  • Andrew, the fact is that I have this implemented since several months (5) and last 19th I tested it againt successfully. Yesterday, I have found that the response to the petition return a empty response....Very Very strange l Last 19/01 I made some petition perfectly.... – Fernando Llorente Haya Jan 23 '16 at 07:57
  • The fact is...it's not working right now. You said you're getting a blank response. That tells me there's a curl error happening of some sort. You need to check that, like I said before. Continuing to state that it worked before and doesn't now helps nobody and wastes time. – Drew Angell Jan 23 '16 at 11:42
  • This is the error. SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure – Fernando Llorente Haya Jan 23 '16 at 13:42
  • I suppose something has changed in Pay Pal sand box environment? I have not changed anything in my local web drupal application. What do you think about this? What should I do? – Fernando Llorente Haya Jan 23 '16 at 13:43
  • Exactly what I anticipated. Look up the POODLE vulnerability. PayPal has been warning about this change for over a year now. – Drew Angell Jan 23 '16 at 14:28

1 Answers1

2

Paypal recently made a change to their sandbox environment a few days ago (Jan 19-20th 2016), requiring connections to the sandbox be done over TLS 1.2 and HTTP 1.1. Lots of people seem to be running into issues with this, including myself. Try making sure your code is making the request with the latest version of TLS (1.2), that seems to have worked for a lot of people.

Link to the change description on the PayPal blog:

https://devblog.paypal.com/upcoming-security-changes-notice/

0kay
  • 433
  • 4
  • 7