openssl sandbox messages fsockopen

openssl - Error de conexión de socket al conectarse al sandbox en www.sandbox.paypal.com



messages fsockopen (2)

¿Ha cambiado Paypal la configuración del socket del sandbox? ¿O qué más está mal?

Parece que PayPal deshabilitó TLS 1.0 y 1.1. O bien, solo admiten conjuntos de cifrado AES / GCM (y similares). Debe usar TLS 1.2.

Probablemente pueda encontrar una publicación de blog o comunicado de prensa que diga lo mismo ...

TLS 1.0

$ /usr/local/bin/openssl s_client -connect www.sandbox.paypal.com:443 -tls1 -servername www.sandbox.paypal.com CONNECTED(00000003) 140735201563100:error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure:s3_pkt.c:1472:SSL alert number 40 140735201563100:error:1409E0E5:SSL routines:ssl3_write_bytes:ssl handshake failure:s3_pkt.c:656: --- no peer certificate available --- No client certificate CA names sent --- SSL handshake has read 7 bytes and written 0 bytes --- New, (NONE), Cipher is (NONE) Secure Renegotiation IS NOT supported Compression: NONE Expansion: NONE No ALPN negotiated SSL-Session: Protocol : TLSv1 Cipher : 0000 ...

TLS 1.2

$ /usr/local/bin/openssl s_client -connect www.sandbox.paypal.com:443 -tls1_2 -servername www.sandbox.paypal.com CONNECTED(00000003) ... --- Certificate chain 0 s:/jurisdictionC=US/jurisdictionST=Delaware/businessCategory=Private Organization/serialNumber=3014267/C=US/postalCode=95131-2021/ST=California/L=San Jose/street=2211 N 1st St/O=PayPal, Inc./OU=PayPal Production/CN=www.sandbox.paypal.com i:/C=US/O=Symantec Corporation/OU=Symantec Trust Network/CN=Symantec Class 3 EV SSL CA - G3 1 s:/C=US/O=Symantec Corporation/OU=Symantec Trust Network/CN=Symantec Class 3 EV SSL CA - G3 i:/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=(c) 2006 VeriSign, Inc. - For authorized use only/CN=VeriSign Class 3 Public Primary Certification Authority - G5 --- Server certificate -----BEGIN CERTIFICATE----- MIIFjDCCBHSgAwIBAgIQVeuz+EgDzKxFsKnpA78ETzANBgkqhkiG9w0BAQsFADB3 MQswCQYDVQQGEwJVUzEdMBsGA1UEChMUU3ltYW50ZWMgQ29ycG9yYXRpb24xHzAd BgNVBAsTFlN5bWFudGVjIFRydXN0IE5ldHdvcmsxKDAmBgNVBAMTH1N5bWFudGVj IENsYXNzIDMgRVYgU1NMIENBIC0gRzMwHhcNMTUwOTE4MDAwMDAwWhcNMTcwOTI5 MjM1OTU5WjCCARcxEzARBgsrBgEEAYI3PAIBAxMCVVMxGTAXBgsrBgEEAYI3PAIB AgwIRGVsYXdhcmUxHTAbBgNVBA8TFFByaXZhdGUgT3JnYW5pemF0aW9uMRAwDgYD VQQFEwczMDE0MjY3MQswCQYDVQQGEwJVUzETMBEGA1UEEQwKOTUxMzEtMjAyMTET MBEGA1UECAwKQ2FsaWZvcm5pYTERMA8GA1UEBwwIU2FuIEpvc2UxFjAUBgNVBAkM DTIyMTEgTiAxc3QgU3QxFTATBgNVBAoMDFBheVBhbCwgSW5jLjEaMBgGA1UECwwR UGF5UGFsIFByb2R1Y3Rpb24xHzAdBgNVBAMMFnd3dy5zYW5kYm94LnBheXBhbC5j b20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDOQlgP1/OgAQ7TLB1A 1Kwr6a3EIfZRKl5HT9FmwR5sliGJBzQC4UdjUkCOQYBqzCwFrvc486aVTtAvE2JK PVP1OertRT7rQH8Oq/d60X2Cv32PmvwO0NnPsiQWwEKtqAvfHOUZf+4nfp3LxfGa gb4k4Nbeq/PegcArIXlGC06M85Urz3b10JqitnWgiHDRYWzh9PlHnPf6m/zVtLQw GYZxu11Gtq8wB5Ot4q2vlQTf1WcR4Li5HmAFIVHYXgjNLpfdI3PMNkjTiZEgn1AT kqkxyxzTt9V4YnwM7JEvygBpXRJKRHGYy52O35uKNdO+8J27HNX8kWnSHI1ogpC+ dezbAgMBAAGjggFwMIIBbDAhBgNVHREEGjAYghZ3d3cuc2FuZGJveC5wYXlwYWwu Y29tMAkGA1UdEwQCMAAwDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUF BwMBBggrBgEFBQcDAjBmBgNVHSAEXzBdMFsGC2CGSAGG+EUBBxcGMEwwIwYIKwYB BQUHAgEWF2h0dHBzOi8vZC5zeW1jYi5jb20vY3BzMCUGCCsGAQUFBwICMBkaF2h0 dHBzOi8vZC5zeW1jYi5jb20vcnBhMB8GA1UdIwQYMBaAFAFZq+fdOgtZpmRj1s8g B1fVkedqMCsGA1UdHwQkMCIwIKAeoByGGmh0dHA6Ly9zci5zeW1jYi5jb20vc3Iu Y3JsMFcGCCsGAQUFBwEBBEswSTAfBggrBgEFBQcwAYYTaHR0cDovL3NyLnN5bWNk LmNvbTAmBggrBgEFBQcwAoYaaHR0cDovL3NyLnN5bWNiLmNvbS9zci5jcnQwDQYJ KoZIhvcNAQELBQADggEBACEZZKMKatEKSSuTaBF+qeRP2CqqJLZefggNLXDM8hNb mh05RQ95FSqGQMSKprbDNWxYqPERee7R2wvW4egmM0kmtU+PWlm/W1DaSE0E/5QN 6gx9Is0wC7DF4W3USGT8M4Itp225wf9doh2d3+ACw19xHfmri0fQiogrPSo3U0/X tD7QKpFNlrgpXH5Xz5qReiJeZnbI89dw1ILEdDjni/OCZmYGUpfZS2vY4eqR0w+s 0NWsfHzijXkJug2nrDjXJAmZAsagwR8acYOI8L86hJP8GC554z6TiuA6Of2GxVzx ngM1+KlNBGhY5NRTEJG10KcQklDH6nMdoR1ZjajM7mw= -----END CERTIFICATE----- subject=/jurisdictionC=US/jurisdictionST=Delaware/businessCategory=Private Organization/serialNumber=3014267/C=US/postalCode=95131-2021/ST=California/L=San Jose/street=2211 N 1st St/O=PayPal, Inc./OU=PayPal Production/CN=www.sandbox.paypal.com issuer=/C=US/O=Symantec Corporation/OU=Symantec Trust Network/CN=Symantec Class 3 EV SSL CA - G3 --- No client certificate CA names sent Peer signing digest: SHA1 Server Temp Key: ECDH, P-256, 256 bits --- SSL handshake has read 3263 bytes and written 474 bytes --- New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES128-GCM-SHA256 Server public key is 2048 bit Secure Renegotiation IS supported Compression: NONE Expansion: NONE No ALPN negotiated SSL-Session: Protocol : TLSv1.2 Cipher : ECDHE-RSA-AES128-GCM-SHA256 Session-ID: 9E01CD86FA9CF328AD505F17E34C0A9BE6846F89E553D8D0F2946F8859F695C7 Session-ID-ctx: Master-Key: BB1AC5E8C2AAF6B393EB85558C25F2AD8A28CA071E5605D3CEA714A15DC8E9D1 16948150238A67245BBE5C3BD7B81EC2 ...

Cuando intento conectarme con fsockopen :

$fp = fsockopen(''tls://www.sandbox.paypal.com'', 443, $errno, $errstr, 30);

La función muestra los siguientes errores:

Warning: fsockopen() [function.fsockopen]: SSL operation failed with code 1. OpenSSL Error messages: error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure in /home/puntodec/public_html/test_socket.php on (line number) Warning: fsockopen() [function.fsockopen]: Failed to enable crypto in /home/puntodec/public_html/test_socket.php on (line number) Warning: fsockopen() [function.fsockopen]: unable to connect to tls://www.sandbox.paypal.com:443 (Unknown error) in (line number)

Pero si uso tls://www.paypal.com no hay errores de muestra. ¿Ha cambiado Paypal la configuración del socket del sandbox? ¿O qué más está mal?

Por favor, ayúdenme, gracias de ahora en adelante por cualquier ayuda.


Gracias, el problema se debe a la versión de tls en mi servidor:

Respuesta de PayPal

PayPal implementó la actualización de seguridad en el entorno de sandbox recientemente

PayPal implementó la actualización de seguridad en el entorno de sandbox recientemente, consulte https://www.paypal-knowledge.com/infocenter/index?page=content&widgetview=true&id=FAQ1913&viewlocale=en_ES

Guía de actualización del certificado SSL https://www.paypal-knowledge.com/infocenter/index?page=content&widgetview=true&id=FAQ1766&viewlocale=en_US