使用SSL例程的PayPal IPN确认失败:SSL3_READ_BYTES:sslv3警报握手失败 [英] PayPal IPN acknowledgements failing with SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure
问题描述
我们没有任何改变,也许与POODLE/SSL3有关,我们现在对PPIPNMessage :: validate的PayPal API调用失败了.
With no changes on our side and perhaps related to POODLE/SSL3 our PayPal API call to PPIPNMessage::validate is now failing with.
SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure
IPN的签出和接收很好(而且我们从未支持SSL3传入),只是在确认IPN时失败了(即使我们失败了,PayPal也不会再试一次)
The checkout and receipt of IPN is fine (and we have never supported SSL3 incoming), it's just failing when acknowledging the IPN (oddly PayPal doesn't try again, even though we have failed)
从同一服务器命令行运行curl成功
Running curl from the same server command line succeeds
$ curl -iv https://ipnpb.paypal.com/cgi-bin/webscr
* About to connect() to ipnpb.paypal.com port 443 (#0)
* Trying 173.0.88.8... connected
* successfully set certificate verify locations:
* CAfile: none
CApath: /etc/ssl/certs
* SSLv3, TLS handshake, Client hello (1):
* SSLv3, TLS handshake, Server hello (2):
* SSLv3, TLS handshake, CERT (11):
* SSLv3, TLS handshake, Server finished (14):
* SSLv3, TLS handshake, Client key exchange (16):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSL connection using AES256-SHA
* Server certificate:
* subject: 1.3.6.1.4.1.311.60.2.1.3=US; 1.3.6.1.4.1.311.60.2.1.2=Delaware; businessCategory=Private Organization; serialNumber=3014267; C=US; postalCode=95131-2021; ST=California; L=San Jose; street=2211 N 1st St; O=PayPal, Inc.; OU=PayPal Production; CN=ipnpb.paypa
* start date: 2013-06-28 00:00:00 GMT
* expire date: 2015-08-02 23:59:59 GMT
* subjectAltName: ipnpb.paypal.com matched
* issuer: C=US; O=VeriSign, Inc.; OU=VeriSign Trust Network; OU=Terms of use at https://www.verisign.com/rpa (c)06; CN=VeriSign Class 3 Extended Validation SSL CA
* SSL certificate verify ok.
> GET /cgi-bin/webscr HTTP/1.1
> User-Agent: curl/7.22.0 (x86_64-pc-linux-gnu) libcurl/7.22.0 OpenSSL/1.0.1 zlib/1.2.3.4 libidn/1.23 librtmp/2.3
> Host: ipnpb.paypal.com
> Accept: */*
我确实注意到ssllabs.com显示该端点上仍支持SSL3的4个IP中的1个.
I did note that ssllabs.com shows 1 out of 4 IPs still supporting SSL3 on this endpoint.
推荐答案
This is the same problem as Error 0x1408F10B: "SSL3_GET_RECORD:wrong version number" with PayPal SDK
我们使用的硬编码CURLOPT_SSLVERSION为3的PayPal API版本.
The version of PayPal API we are using hard codes CURLOPT_SSLVERSION to 3.
我们的解决方法是在任何PayPal呼叫之前插入此代码.
Our fix is to insert this before any PayPal calls.
PPHttpConfig::$DEFAULT_CURL_OPTS[CURLOPT_SSLVERSION] = 4;
这篇关于使用SSL例程的PayPal IPN确认失败:SSL3_READ_BYTES:sslv3警报握手失败的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!