PayPal IPN SSL Connection Error Solution

On March 1, 2016, in Other Online Technology, by James Liu

As critical security issue on SSL 3.0, PayPal will shut down their integration protocol SSL 3.0 to ensure safer transactions. The SSL 3.0 security protocol has been used for 15 years and now it’s time to be replaced. After PayPal disable SSL 3.0 protocol, all old integrations will be affected. Instead of SSL 3.0 protocol, we can use new protocol Transport Layer Security (TLS).

How to test

Currently, PayPal Sandbox already disables the SSL 3.0, so you can test your application in PayPal Sandbox environment. If you are using SSL 3.0, you have to replace it with Transport Layer Security (TLS). When you test in Sandbox, you will update to TLS if you see following error message:

Error message 1:
Unknown SSL protocol error

Error message 2:
Secure Renegotiation is not supported
Protocol SSLv3

Error message 3:
SSL Connection Error

Change to TLS

First of all, you need to get contact with your host company to check if their hosting service support TLS 1.0 or TLS 1.2. After that, you can update your application. Here I only give the implementation in PHP. Most of the case in PHP is using curl to connect PayPal endpoint to accept IPN. When using curl to connect PayPal server, we can set the following option in curl to use TLS instead of SSL 3.0:

curl_setopt($ch, CURLOPT_SSLVERSION, CURL_SSLVERSION_TLSv1);

In PHP, there are several options for CURLOPT_SSLVERSION:

  • CURL_SSLVERSION_DEFAULT (0)
  • CURL_SSLVERSION_TLSv1 (1)
  • CURL_SSLVERSION_SSLv2 (2)
  • CURL_SSLVERSION_SSLv3 (3)
  • CURL_SSLVERSION_TLSv1_0 (4)
  • CURL_SSLVERSION_TLSv1_1 (5)
  • CURL_SSLVERSION_TLSv1_2 (6)

Before PHP 5.5, these constant variables are not supported and we can only use the number value directly.

Update

Currently, PayPal is upgrading the protocols used to secure all external connections made to their systems. Transport Layer Security version 1.2 (TLS 1.2) and Hypertext Transfer Protocol version 1.1 (HTTP/1.1) will become mandatory for communication with PayPal in 2016. Here is a PHP example to connect PayPal server by HTTP/1.1:

curl_setopt($ch, CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_1_1);

Read More

https://www.paypal.com/uk/webapps/mpp/ssl-security-update
https://www.paypal-knowledge.com/infocenter/index?page=content&id=FAQ1914&expand=true&locale=en_US

 

2 Responses to “PayPal IPN SSL Connection Error Solution”

  1. Neeti says:

    Hi James

    I need your help regarding SSL Connection Error on our website while connecting with paypal, if you could guide me to solve this issue will be highly appreciable.

    My hosting service support TLS 1.0 and openssl library capable of NSS/3.14.0.0 , I am using below code to connect with paypal but getting “ssl connectin eror ” message in log file.

    I tried with all the solution suggested by you and also by others after googling but could not able to get luck to solve it out. Could it be solved only by my hosting company ? Is their any other option so that I can solve it and get it work ?

    https://www.sandbox.paypal.com/cgi-bin/webscr
    [content_type] =>
    [http_code] => 0
    [header_size] => 0
    [request_size] => 163
    [filetime] => -1
    [ssl_verify_result] => 0
    [redirect_count] => 0
    [total_time] => 0.454801
    [namelookup_time] => 2.5E-5
    [connect_time] => 0.296525
    [pretransfer_time] => 0
    [size_upload] => 0
    [size_download] => 0
    [speed_download] => 0
    [speed_upload] => 0
    [download_content_length] => -1
    [upload_content_length] => 0
    [starttransfer_time] => 0
    [redirect_time] => 0.454852
    [request_header] => POST /cgi-bin/webscr HTTP/1.1
    Host: http://www.sandbox.paypal.com
    Accept: */*
    Connection: Close
    Content-Length: 0
    Content-Type: application/x-www-form-urlencoded

    )
    error:SSL connect error

    Please help me to solve this issue and suggest me some way to get out of it , if possible 🙂

    Thanks
    Neeti

  2. James Liu says:

    If curl_setopt($ch, CURLOPT_SSLVERSION, CURL_SSLVERSION_TLSv1); cannot work, you can try curl_setopt($ch, CURLOPT_SSLVERSION, 1);

Leave a Reply

Premium WordPress Themes

Free WordPress Theme