0

I am trying to setup Instant Payment Notifications in paypal and am having trouble with POSTing back to tls://www.sandbox.paypal.com during the verification phase.

I am using the code found here: https://developer.paypal.com/docs/classic/ipn/gs_IPN/

Yet, when I try to connect I am receiving these errors:

 PHP Warning:  fsockopen(): SSL operation failed with code 1. OpenSSL Error     messages:
 error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure in /htdocs/test.php
fsockopen(): Failed to enable crypto in /htdocs/test.php

I have read the info here and it seems that I am trying to connect using the wrong protocol or I have the wrong cert installed. My OpenSSL is version 1.0.1e.

Unfortunately, I have no idea how to debug this or install the correct cert if necessary

Community
  • 1
  • 1
John Tangale
  • 325
  • 2
  • 17
  • Possible duplicate of [PayPal IPN acknowledgements failing with SSL routines:SSL3\_READ\_BYTES:sslv3 alert handshake failure](http://stackoverflow.com/questions/26379773/paypal-ipn-acknowledgements-failing-with-ssl-routinesssl3-read-bytessslv3-aler) – jww Feb 16 '16 at 08:32

1 Answers1

1

You don't need to install an SSL certificate. It's just that the software stack on your server needs to be updated.

Check this guide on the POODLE Vulnerability for more details.

Drew Angell
  • 25,968
  • 5
  • 32
  • 51
  • It appears that I am at the required openssl version already and have php 5.5.32 installed. That article mentions the CURLOPT_SSLVERSION to 6 (TLS 1.2), but the code from paypal uses fopen so I assume that doesn't apply? – John Tangale Feb 15 '16 at 22:38
  • I would recommend using curl instead of fopen. – Drew Angell Feb 15 '16 at 23:21
  • Converted to CURL and use the following curl option to fix the handshake issue. curl_setopt($ch, CURLOPT_SSLVERSION, 6); – John Tangale Feb 16 '16 at 14:01
  • With the current version of OpenSSL and PHP you should not have to specify the ssl version directly. It should fall back automatically to the working protocol. Either way, though, glad it's working for you. – Drew Angell Feb 16 '16 at 17:15