CURL& PHP SSLv3错误,无法使TLS工作 [英] CURL & PHP SSLv3 Error and Can't Get TLS to Work
问题描述
我尝试使用CURL连接到PayPal沙箱。我搜索了这个网站和许多其他人试图找到正确的答案,但没有,我的意思是没有,为我工作,我仍然得到的错误:
I am trying to connect to PayPal sandbox using CURL. I've searched both this website and many others trying to find the right answer however, none, and I mean none, have worked for me and I still get the error:
SetExpressCheckout失败:错误:14077410:SSL例程:SSL23_GET_SERVER_HELLO:sslv3警报握手失败(35)
SetExpressCheckout failed: error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure ( 35 )
我有以下CURL和PHP安装(它是买和共享托管所以我不能升级任何东西)。
I have the following CURL and PHP installed (It is bought and shared hosting so I cannot upgrade anything).
- 7.36.0
- SSL版本: OpenSSL / 0.9.8b
- PHP版本: 5.4.45
- Curl Verison: 7.36.0
- SSL Version: OpenSSL/0.9.8b
- PHP Version: 5.4.45
我目前使用的代码:
class MyPayPal {
function PPHttpPost($methodName_, $nvpStr_, $PayPalApiUsername, $PayPalApiPassword, $PayPalApiSignature, $PayPalMode) {
// Set up your API credentials, PayPal end point, and API version.
$API_UserName = urlencode($PayPalApiUsername);
$API_Password = urlencode($PayPalApiPassword);
$API_Signature = urlencode($PayPalApiSignature);
$paypalmode = ($PayPalMode=='sandbox') ? '.sandbox' : '';
$API_Endpoint = "https://api-3t".$paypalmode.".paypal.com/nvp";
$version = urlencode('109.0');
// Set the curl parameters.
$ch = curl_init();
curl_setopt($ch, CURLOPT_SSLVERSION, 4);
curl_setopt($ch, CURLOPT_SSL_CIPHER_LIST, 'TLSv1');
curl_setopt($ch, CURLOPT_URL, $API_Endpoint);
curl_setopt($ch, CURLOPT_VERBOSE, 1);
// Turn off the server and peer verification (TrustManager Concept).
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, FALSE);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, FALSE);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_POST, 1);
// Set the API operation, version, and API signature in the request.
$nvpreq = "METHOD=$methodName_&VERSION=$version&PWD=$API_Password&USER=$API_UserName&SIGNATURE=$API_Signature$nvpStr_";
// Set the request as a POST FIELD for curl.
curl_setopt($ch, CURLOPT_POSTFIELDS, $nvpreq);
// Get response from the server.
$httpResponse = curl_exec($ch);
if(!$httpResponse) {
exit("<span style='font-family: Verdana'><strong>$methodName_ failed: </strong>".curl_error($ch).'<strong> (</strong> '.curl_errno($ch).' <strong>)</strong></span>');
}
// Extract the response details.
$httpResponseAr = explode("&", $httpResponse);
$httpParsedResponseAr = array();
foreach ($httpResponseAr as $i => $value) {
$tmpAr = explode("=", $value);
if(sizeof($tmpAr) > 1) {
$httpParsedResponseAr[$tmpAr[0]] = $tmpAr[1];
}
}
if((0 == sizeof($httpParsedResponseAr)) || !array_key_exists('ACK', $httpParsedResponseAr)) {
exit("Invalid HTTP Response for POST request($nvpreq) to $API_Endpoint.");
}
return $httpParsedResponseAr;
}
}
做,我似乎无法征服这个错误。
It doesn't matter what I do, I cannot seem to conquer this error. :( Any guidance will be helpful.
推荐答案
Paypal现在只支持沙箱上的TLS 1.2如果你想使用TLS 1.2,你至少需要升级到OpenSSL 1.0.1+,然后你可以将CURLOPT_SSLVERSION设置为 6 (TLS 1.2)。如果您希望在SSL请求期间自动使用TLS 1.2,您还需要升级到PHP 5.5.19+(这是理想的解决方案,但许多项目仍然是旧的PHP版本) 。
Paypal now supports only TLS 1.2 on the sandbox (and in June the same will apply to production systems). If you want to use TLS 1.2 you'll need to upgrade to OpenSSL 1.0.1+ as a minimum, and then you'll be able to set CURLOPT_SSLVERSION to 6 (TLS 1.2). If you want TLS 1.2 to be used automatically during SSL requests, you'll also need to upgrade to PHP 5.5.19+ (this is the ideal solution but many projects are still on older PHP versions).
但是,你说你在共享主机上,不能自己升级软件,所以你不幸运,我的建议
However, you've said you're on shared hosting and can't upgrade the software yourself...so you're out of luck. My advice would be to get away from whatever hosting provider is still stuck on OpenSSL 0.9.8.
参考: https://devblog.paypal.com/upcoming-security-changes-notice/
这篇关于CURL& PHP SSLv3错误,无法使TLS工作的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
