openssl - Socket connection error when connecting to the sandbox at www.sandbox.paypal.com
Has PayPal changed the sandbox's socket configuration? Or what else is wrong?
It looks like PayPal disabled TLS 1.0 and 1.1. Or, they only support AES/GCM cipher suites (and the like). You need to use TLS 1.2.
You can probably find a blog post or press release that says the same thing ...
TLS 1.0
$ /usr/local/bin/openssl s_client -connect www.sandbox.paypal.com:443 -tls1 -servername www.sandbox.paypal.com
CONNECTED(00000003)
140735201563100:error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure:s3_pkt.c:1472:SSL alert number 40
140735201563100:error:1409E0E5:SSL routines:ssl3_write_bytes:ssl handshake failure:s3_pkt.c:656:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 7 bytes and written 0 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1
Cipher : 0000
...
TLS 1.2
$ /usr/local/bin/openssl s_client -connect www.sandbox.paypal.com:443 -tls1_2 -servername www.sandbox.paypal.com
CONNECTED(00000003)
...
---
Certificate chain
0 s:/jurisdictionC=US/jurisdictionST=Delaware/businessCategory=Private Organization/serialNumber=3014267/C=US/postalCode=95131-2021/ST=California/L=San Jose/street=2211 N 1st St/O=PayPal, Inc./OU=PayPal Production/CN=www.sandbox.paypal.com
i:/C=US/O=Symantec Corporation/OU=Symantec Trust Network/CN=Symantec Class 3 EV SSL CA - G3
1 s:/C=US/O=Symantec Corporation/OU=Symantec Trust Network/CN=Symantec Class 3 EV SSL CA - G3
i:/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=(c) 2006 VeriSign, Inc. - For authorized use only/CN=VeriSign Class 3 Public Primary Certification Authority - G5
---
Server certificate
subject=/jurisdictionC=US/jurisdictionST=Delaware/businessCategory=Private Organization/serialNumber=3014267/C=US/postalCode=95131-2021/ST=California/L=San Jose/street=2211 N 1st St/O=PayPal, Inc./OU=PayPal Production/CN=www.sandbox.paypal.com
issuer=/C=US/O=Symantec Corporation/OU=Symantec Trust Network/CN=Symantec Class 3 EV SSL CA - G3
---
No client certificate CA names sent
Peer signing digest: SHA1
Server Temp Key: ECDH, P-256, 256 bits
---
SSL handshake has read 3263 bytes and written 474 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES128-GCM-SHA256
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1.2
Cipher : ECDHE-RSA-AES128-GCM-SHA256
Session-ID: 9E01CD86FA9CF328AD505F17E34C0A9BE6846F89E553D8D0F2946F8859F695C7
Session-ID-ctx:
Master-Key: BB1AC5E8C2AAF6B393EB85558C25F2AD8A28CA071E5605D3CEA714A15DC8E9D1
16948150238A67245BBE5C3BD7B81EC2
...
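The two probes in the answer above, turned into a repeatable check (an added example, not part of the original answer). The function names `classify_handshake`, `probe_host`, `sample_tls10` and `sample_tls12` are chosen here; the sample transcripts are trimmed from the output shown above.

```shell
# Added example: classify `openssl s_client` transcripts like the two above.
# Reads one transcript on stdin and prints a one-line verdict:
#   ok <protocol> <cipher>  a cipher suite was negotiated
#   rejected alert=<n>      the peer sent a TLS alert (40 = handshake_failure)
#   unknown                 neither, e.g. the local openssl lacks the flag
classify_handshake() {
    awk '
        /SSL alert number/ { a = $0; sub(/.*SSL alert number /, "", a)
                             sub(/[^0-9].*/, "", a); alert = a }
        /^ *Protocol *:/   { proto = $NF }
        /^ *Cipher *:/     { cipher = $NF }
        END {
            if (cipher != "" && cipher != "0000") print "ok", proto, cipher
            else if (alert != "") print "rejected alert=" alert
            else print "unknown"
        }'
}

# Probe host $1 once per protocol flag (the two from this page, plus -tls1_1).
probe_host() {
    for flag in -tls1 -tls1_1 -tls1_2; do
        printf '%s: ' "$flag"
        openssl s_client -connect "$1:443" "$flag" -servername "$1" \
            </dev/null 2>&1 | classify_handshake
    done
}

# Sample transcripts, trimmed from the two runs shown in the answer.
sample_tls10() {
    cat <<'EOF'
140735201563100:error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure:s3_pkt.c:1472:SSL alert number 40
New, (NONE), Cipher is (NONE)
    Protocol  : TLSv1
    Cipher    : 0000
EOF
}
sample_tls12() {
    cat <<'EOF'
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES128-GCM-SHA256
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES128-GCM-SHA256
EOF
}

# With a hostname argument, probe it live; with none, classify the samples.
if [ "$#" -gt 0 ]; then probe_host "$1"; else
    sample_tls10 | classify_handshake
    sample_tls12 | classify_handshake
fi
```

A run that prints `rejected alert=40` for `-tls1` and `ok TLSv1.2 ...` for `-tls1_2` reproduces what the answer observed.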
When I try to connect with fsockopen:
$fp = fsockopen('tls://www.sandbox.paypal.com', 443, $errno, $errstr, 30);
The function shows the following errors:
Warning: fsockopen() [function.fsockopen]: SSL operation failed with code 1.
OpenSSL Error messages: error:14094410:SSL routines:SSL3_READ_BYTES:sslv3
alert handshake failure in /home/puntodec/public_html/test_socket.php on (line number)
Warning: fsockopen() [function.fsockopen]: Failed to enable crypto in
/home/puntodec/public_html/test_socket.php on (line number)
Warning: fsockopen() [function.fsockopen]: unable to connect to
tls://www.sandbox.paypal.com:443 (Unknown error) in (line number)
But if I use tls://www.paypal.com, no errors are shown. Has PayPal changed the sandbox's socket configuration? Or what else is wrong?
Please help me; thanks in advance for any help.
Thanks, the problem is due to the TLS version on my server:
PayPal's response
PayPal implemented the security update in the sandbox environment recently, see https://www.paypal-knowledge.com/infocenter/index?page=content&widgetview=true&id=FAQ1913&viewlocale=en_ES
SSL certificate upgrade guide: https://www.paypal-knowledge.com/infocenter/index?page=content&widgetview=true&id=FAQ1766&viewlocale=en_US