PayPal IPN 确认失败,SSL 例程:SSL3_READ_BYTES:sslv3 警报握手失败 [英] PayPal IPN acknowledgements failing with SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure
问题描述
我们这边没有任何变化,可能与 POODLE/SSL3 相关,我们对 PPIPNMessage::validate 的 PayPal API 调用现在失败了.
With no changes on our side and perhaps related to POODLE/SSL3 our PayPal API call to PPIPNMessage::validate is now failing with.
SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure
IPN 的结帐和接收很好(我们从未支持 SSL3 传入),只是在确认 IPN 时失败(奇怪的是,即使我们失败了,PayPal 也不会再试一次)
The checkout and receipt of IPN is fine (and we have never supported SSL3 incoming), it's just failing when acknowledging the IPN (oddly PayPal doesn't try again, even though we have failed)
从同一服务器命令行运行 curl 成功
Running curl from the same server command line succeeds
$ curl -iv https://ipnpb.paypal.com/cgi-bin/webscr
* About to connect() to ipnpb.paypal.com port 443 (#0)
* Trying 173.0.88.8... connected
* successfully set certificate verify locations:
* CAfile: none
CApath: /etc/ssl/certs
* SSLv3, TLS handshake, Client hello (1):
* SSLv3, TLS handshake, Server hello (2):
* SSLv3, TLS handshake, CERT (11):
* SSLv3, TLS handshake, Server finished (14):
* SSLv3, TLS handshake, Client key exchange (16):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSL connection using AES256-SHA
* Server certificate:
* subject: 1.3.6.1.4.1.311.60.2.1.3=US; 1.3.6.1.4.1.311.60.2.1.2=Delaware; businessCategory=Private Organization; serialNumber=3014267; C=US; postalCode=95131-2021; ST=California; L=San Jose; street=2211 N 1st St; O=PayPal, Inc.; OU=PayPal Production; CN=ipnpb.paypa
* start date: 2013-06-28 00:00:00 GMT
* expire date: 2015-08-02 23:59:59 GMT
* subjectAltName: ipnpb.paypal.com matched
* issuer: C=US; O=VeriSign, Inc.; OU=VeriSign Trust Network; OU=Terms of use at https://www.verisign.com/rpa (c)06; CN=VeriSign Class 3 Extended Validation SSL CA
* SSL certificate verify ok.
> GET /cgi-bin/webscr HTTP/1.1
> User-Agent: curl/7.22.0 (x86_64-pc-linux-gnu) libcurl/7.22.0 OpenSSL/1.0.1 zlib/1.2.3.4 libidn/1.23 librtmp/2.3
> Host: ipnpb.paypal.com
> Accept: */*
我确实注意到 ssllabs.com 显示 4 个 IP 中有 1 个在此端点上仍然支持 SSL3.
I did note that ssllabs.com shows 1 out of 4 IPs still supporting SSL3 on this endpoint.
推荐答案
这个问题和 错误 0x1408F10B:SSL3_GET_RECORD:错误的版本号";使用贝宝 SDK
我们使用硬编码 CURLOPT_SSLVERSION 到 3 的 PayPal API 版本.
The version of PayPal API we are using hard codes CURLOPT_SSLVERSION to 3.
我们的解决方法是在任何 PayPal 调用之前插入它.
Our fix is to insert this before any PayPal calls.
PPHttpConfig::$DEFAULT_CURL_OPTS[CURLOPT_SSLVERSION] = 4;
这篇关于PayPal IPN 确认失败,SSL 例程:SSL3_READ_BYTES:sslv3 警报握手失败的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
