Error:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure


Solution 1

TL;DR: your software is too old to support these servers.

Both servers support TLS 1.2 only as can be seen when checking with SSLLabs. Your OpenSSL version is 1.0.0s which does not support TLS 1.2 yet. Support is only available since 1.0.1.

My server has these certificates ...

The setup of your web server (i.e. certificates, TLS versions...) is not relevant because in this case you are the client connecting to some other server.

Solution 2

Your server may support TLS 1.2, but you need to make sure the HTTP requests are actually using it. Based on the result you're getting, you apparently are not using TLS 1.2 with the requests.

Try adding this to your cURL options:

curl_setopt($ch, CURLOPT_SSLVERSION, 6);

That will force TLS 1.2.

Alternatively, get your server software stack updated and this will happen automatically. See this post for more details, most importantly this part:

If you want to use TLS 1.2 you’ll need to upgrade to OpenSSL 1.0.1 as a minimum, and then you’ll be able to set CURLOPT_SSLVERSION to 6 (TLS 1.2).

If you want TLS 1.2 to be used automatically during SSL requests, you’ll also need to upgrade to PHP 5.5.19+ (this is the ideal solution but many projects are still on older PHP versions).
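A check for the two conditions the answers describe, written as an added example (not code from the original answers): it reads the TLS backend from `curl_version()`, compares it with the OpenSSL 1.0.1 and PHP 5.5.19 thresholds quoted above, then attempts a handshake with TLS 1.2 forced and certificate verification left on. The function names `tls12_client_report` and `tls12_probe` are hypothetical, and the first `var_dump` uses a constructed sample.

```php
<?php
// Added example: report whether this PHP/libcurl client can negotiate TLS 1.2.
// Thresholds (OpenSSL 1.0.1, PHP 5.5.19, CURLOPT_SSLVERSION 6) are the ones
// quoted in the answers above; the function names are hypothetical.

function tls12_client_report(array $curlInfo, $phpVersion)
{
    $backend = isset($curlInfo['ssl_version']) ? $curlInfo['ssl_version'] : '';
    $report  = array(
        'backend'        => $backend,
        'openssl_ok'     => null, // stays null when the backend is not OpenSSL
        'php_auto_tls12' => version_compare($phpVersion, '5.5.19', '>='),
    );
    // libcurl reports strings such as "OpenSSL/1.0.0s" or "OpenSSL/1.0.2k-fips".
    if (preg_match('#^OpenSSL/(\d+\.\d+\.\d+)#', $backend, $m)) {
        $report['openssl_ok'] = version_compare($m[1], '1.0.1', '>=');
    }
    return $report;
}

function tls12_probe($url)
{
    $ch = curl_init($url);
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
    curl_setopt($ch, CURLOPT_NOBODY, true);          // handshake only, no body
    curl_setopt($ch, CURLOPT_SSLVERSION, 6);         // 6 = TLS 1.2
    curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true);  // keep certificate checks on
    curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);
    $ok  = curl_exec($ch) !== false;
    $err = $ok ? '' : curl_errno($ch) . ': ' . curl_error($ch);
    curl_close($ch);
    return array($ok, $err);
}

// Constructed sample: the OpenSSL version named in Solution 1, with an old PHP.
var_dump(tls12_client_report(array('ssl_version' => 'OpenSSL/1.0.0s'), '5.4.45'));

// The client this script is actually running on.
var_dump(tls12_client_report(curl_version(), PHP_VERSION));

// Network probe against the test host used in the question.
list($ok, $err) = tls12_probe('https://tlstest.paypal.com/');
echo $ok ? "TLS 1.2 handshake succeeded\n" : "TLS 1.2 handshake failed: $err\n";
```

Run it on the live server rather than on localhost, since the two machines can link PHP against different libcurl and OpenSSL builds.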

Author by

Raza Saleem

Updated on November 29, 2020

Comments

  • Raza Saleem
    Raza Saleem over 3 years
    $ch = curl_init();
    $clientId = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx";
    $secret = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx";
    
    curl_setopt($ch, CURLOPT_URL, "https://api.sandbox.paypal.com/v1/oauth2/token");
    curl_setopt($ch, CURLOPT_HEADER, false);
    curl_setopt($ch,CURLOPT_SSL_VERIFYPEER,false);
    curl_setopt($ch, CURLOPT_POST, true);
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
    curl_setopt($ch, CURLOPT_USERPWD, $clientId.":".$secret);
    curl_setopt($ch, CURLOPT_POSTFIELDS, "grant_type=client_credentials");
    $result = curl_exec($ch);
    if (curl_errno($ch)) {
        echo 'Error:' . curl_error($ch);
    }
    curl_close ($ch);
    

    This code works on localhost, but when I test it on my live server it gives me this error: Error:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure. Then I tried this:

    <?php
    $ch = curl_init(); 
    curl_setopt($ch, CURLOPT_URL, "https://tlstest.paypal.com/"); 
    curl_setopt($ch, CURLOPT_CAINFO, dirname(__FILE__) . '/cacert.pem');
    var_dump(curl_exec($ch));
    if ($err = curl_error($ch)) {
    var_dump($err);
    echo "DEBUG INFORMATION:\n###########";
    echo "CURL VERSION";
    echo json_encode(curl_version(), JSON_PRETTY_PRINT);
    }?>
    

    github.com/paypal/TLS-update/tree/master/php This again works on localhost, and on live it gives me this:

    error bool(false)
    string(67) "Unknown SSL protocol error in connection to tlstest.paypal.com:443 "
    DEBUG INFORMATION:
    ###########CURL VERSION
    

    My server has these certificates:

    Server Key and Certificate #1

    Subject *.secure.xxxxxxxx.com
    Fingerprint SHA1: xxxxxxxxxxxxxxxxxxxxxxxxxxxxx
    Pin SHA256: S4/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
    Common names    *.secure.xxxxxxxx.com   MISMATCH
    Alternative names   *.secure.xxxxxxx.com
    Key RSA 2048 bits (e 65537)
    Weak key (Debian)   No
    Issuer  Symantec Class 3 Secure Server CA - G4
    AIA: xxxxxxx/ss.crt
    Signature algorithm SHA256withRSA
    Extended Validation No
    Certificate Transparency    Yes (certificate)
    OCSP Must Staple    No
    Revocation information  CRL, OCSP
    CRL: xxxxxx/ss.crl
    OCSP: xxxxxxxxx
    Revocation status   Good (not revoked)
    Trusted No   NOT TRUSTED (Why?)

    #2

    Subject Symantec Class 3 Secure Server CA - G4
    Fingerprint SHA1: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
    Pin SHA256: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
    Key RSA 2048 bits (e 65537)
    Issuer  VeriSign Class 3 Public Primary Certification Authority - G5
    Signature algorithm SHA256withRSA

    #3

    Subject VeriSign Class 3 Public Primary Certification Authority - G5
    Fingerprint SHA1: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
    Pin SHA256: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
    Key RSA 2048 bits (e 65537)
    Issuer  VeriSign, Inc. / Class 3 Public Primary Certification Authority
    Signature algorithm SHA1withRSA   WEAK

    **Protocols**

    TLS 1.2 Yes
    TLS 1.1 Yes
    TLS 1.0 Yes
    SSL 3   No
    SSL 2   No
    


    checked requirements at