错误0x1408F10B：“SSL3_GET_RECORD：错误的版本号”与PayPal SDK [英] Error 0x1408F10B: "SSL3_GET_RECORD:wrong version number" with PayPal SDK

问题描述

看起来PayPal可能已根据 POODLE 更新其系统攻击，导致网站使用PHP PayPal SDK破解。

Looks like PayPal might have updated its systems in light of the POODLE attack, causing sites using the PHP PayPal SDK to break.

我得到错误：

PayPal/Exception/PPConnectionException: error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number

/var/www/site/vendor/paypal/sdk-core-php/lib/PayPal/Core/PPHttpConnection.php:91
/var/www/site/vendor/paypal/sdk-core-php/lib/PayPal/Core/PPAPIService.php:66
/var/www/site/vendor/paypal/sdk-core-php/lib/PayPal/Core/PPBaseService.php:82
/var/www/site/vendor/paypal/adaptivepayments-sdk-php/lib/PayPal/Service/AdaptivePaymentsService.php:97

您会建议如何解决这个问题，而不影响安全性？

What would you recommend to fix this, without compromising security ?

推荐答案

UPDATE ：正如Jaffer所说， PayPal的GitHub存储库已经合并了下面的更改，因此您可能只需更新SDK。

UPDATE: As Jaffer noted, PayPal's GitHub repository has already merged the changes below, so you might just update your SDK.

至少这似乎现在工作，虽然我将调查什么协议实际使用。

At least this seems to work for now, though I will have to investigate what protocol it will actually use.

\PayPal\Core\PPHttpConfig::$DEFAULT_CURL_OPTS[CURLOPT_SSLVERSION] = 1;
// 0 = default protocol (likely TLSv1), 1 = TLSv1; unsafe: 2 = SSLv2, 3 = SSLv3

对于直接使用cURL的其他人，只需使用

For other people using cURL directly, just use

curl_setopt($handle, CURLOPT_SSLVERSION, 1);

UPDATE：

只需查找< a href =ftp://gd.tuwien.ac.at/.vhost/curl/cvssource/include/curl/curl.h>来源到cURL ，这些是值（ // comments mine）：

UPDATE:
Just looked up the source to cURL, these are the values (// comments mine):

enum {  
    CURL_SSLVERSION_DEFAULT, // 0
    CURL_SSLVERSION_TLSv1,   // 1
    CURL_SSLVERSION_SSLv2,   // 2
    CURL_SSLVERSION_SSLv3,   // 3

    CURL_SSLVERSION_LAST /* never use, keep last */  // 4
};

总而言之，是的，1是TLSv1，从评论判断，可能比4更好。

上面更新的代码。

So to summarize, yes, 1 is TLSv1 and judging from the comment, is probably better than 4.
Updated code above.

这篇关于错误0x1408F10B：“SSL3_GET_RECORD：错误的版本号”与PayPal SDK的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！