用于发布请求的Paypal Payflow链接TLS 1.2 [英] Paypal Payflow Link TLS 1.2 for post requests

问题描述

最近升级到新服务器后，以前接受PayPal Payflow Link的发布请求的Web应用程序停止工作.

After a recent upgrade to a new server, a web app that previously accepted a post request from PayPal's Payflow Link stopped working.

在进行故障排除之后，我们目前的猜测是，旧版的Payflow Link(作为较旧的产品)未使用TLS 1.1或TLS 1.2，从而导致SSL握手失败.

After troubleshooting, our current guess is that the legacy Payflow Link, being an older product, is not using TLS 1.1 or TLS 1.2 thereby causing the SSL handshake to fail.

是否可以告诉Paypal流使用TLS 1.1或TLS 1.2发布我们的网站?

Is there a way to tell Paypal flow to post our site with TLS 1.1 or TLS 1.2?

在此先感谢

推荐答案

我们遇到了类似的问题.

We had a similar issue.

一家Magento(1.8)商店从CentOS 5迁移到CentOS 6服务器.

A Magento (1.8) shop was moved from a CentOS 5 to CentOS 6 server.

在新服务器上，将站点设置为使用HTTPS时，Payflow Link不起作用.如果设置为使用HTTP，则该站点可以正常运行.该网站还可以找到Apache是​​否允许SSLv3.

On the new server, Payflow Link was not working when the site was set to use HTTPS. If set to use HTTP, the site worked fine. The site also worked find if Apache permitted SSLv3.

我们通常使用:

SSLHonorCipherOrder on

在我们的Apache配置中.

in our Apache configurations.

如果我们在CentOS 6上禁用此功能，则系统将再次运行.

If we disable this on CentOS 6, the system works again.

SSLHonorCipherOrder off

我怀疑SSL协商存在问题.我找不到原因，但是如果我们强制密码顺序并设置强密码，则系统将失败.

I suspect there's some issue with SSL negotiation. I could not find the cause but if we force the cipher order and set strong ciphers, the system fails.

我进行了数据包捕获，我看到Paypal回发了，但是该连接从未打过Apache日志，因此我认为在协商期间它失败了.

I did a packet capture and I could see Paypal posting back but that connection never hit the Apache logs, so I think it failed during negotiation.

我找不到有关什么SSL/TLS协议&的任何文档.密码Payflow链接支持.

I could not find any documentation about what SSL/TLS protocols & ciphers Payflow link supports.

这篇关于用于发布请求的Paypal Payflow链接TLS 1.2的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！