PayPal Sandbox account prompt
SetExpressCheckout failed: error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure(35)。
Related
Today all of my IPN have been in Retrying Status. I have no idea why this has suddenly happened. I have checked IPN URL in IPN Settings page as soon as met with this issue. When i try to save my IPN URL by disabling and enabling it again. Strangely it throws the below error.
"We were unable to validate the URL you have entered. Please check your entry and try again." Any idea on this would be greatly appreciated as my IPN is dead now. Have contacted PayPal tech support, no response either
How old are your ipn listener?
Have you upgraded your server like reported here?
https://devblog.paypal.com/upcoming-security-changes-notice/
IPN Verification Postback to HTTPS (HTTP will no longer be supported)
TLS 1.2 upgrade (support for TLS 1.0 will be retired)
Merchant API Credential Upgrade (to SHA-256 2048-bit credentials)
SSL Certificate Upgrade
I use the PayPal IPN for payment notification.
PayPal says all Https connections must be SHA-256 compliant by Sept 30, 2016. (ie Https using TLS 2.1)
In fact PayPal live testing begins on 6/17. A PayPal email stated "We strongly recommend that your systems are compatible with SHA-256 by 17 June to ensure that your business isn’t interrupted."
So I made a mod to my IPN webapp and tested it with the "PayPal IPN Simulator".
Resulting message = "IPN was sent and the handshake was verified."
Does anyone know if the "PayPal IPN Simulator" is Positive Confirmation that the IPN webapp is now SHA-256 compliant?
Update:
Here is the .Net HTTPS post-back code from my IPN app.
System.Net.ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12 | SecurityProtocolType.Tls11 | SecurityProtocolType.Tls;
HttpWebRequest req = (HttpWebRequest)WebRequest.Create("https://www.paypal.com/cgi-bin/webscr");
IPN simulator won't confirm whether your script has done a post-back or not, the "IPN was sent and the handshake was verified" message only indicates an one-way connection success (from PayPal to your URL).
To ensure your web server is SHA-2 compatible when your IPN makes post-backs to PayPal, you may simply test the connection from your host to PayPal endpoints with command below (e.g. LAMP environment):
openssl s_client -connect api-3t.sandbox.paypal.com:443 -showcerts
or check the server trust store and see if G5 root cert is included,
ls -la /etc/ssl/certs/ | grep G5
I am trying to get information from PayPal by using IPN (sandbox).
When I enter address:
https://my.site.com:4576/script.py
I get an error:
paypal URL with port number is not allowed for IPN.
According to this PayPal IPN on port other than 80 PayPal does not allow ports other than 80 and 443.
However when I change the address to:
https://my.site.com/script.py
I get an error:
IPN was not sent, and the handshake was not verified. Please review
your information.
According to this paypal IPN simulator getting error? this means that SSL is outdated however when I run this command openssl s_client -connect api-3t.sandbox.paypal.com:443 -showcerts -CApath /etc/ssl/certs/ in my server I get Verify return code: 0 (ok) which means that SSL is up to date.
How can I make this IPN work?
I am currently trying to set up Real-Time Updates to my site through the facebook app interface. When I attempt to test the callback to the callback url of https://messageall.com/facebook/callback/ I am getting an error message of:
Callback verification failed:
SSL certificate problem, verify that the CA cert is OK.
Details:
error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
However from what I can tell the certificate key chain is working fine and verifies when I test via http://www.digicert.com/help/
What could the facebook servers think is wrong with my CA?
My IPN Listener is protected by SSL, and access to a host via HTTPS, I try to test it using PayPal IPN simulator, but it gives an error: IPN Delivery Failed: I / O error: HTTPS hostname wrong: should be <xxx.xxx.xxx.xxx>; nested exception is java.io.IOException: HTTPS hostname wrong: should be <xxx.xxx.xxx.xxx>. Where <xxx.xxx.xxx.xxx> - IP address of my server. If I use an unsecured connection via HTTP, I get a response on this IP with IPN simulator, ports 80, 443 open. I try to go to the IPN Listener through a browser, I successfully opened IPN Listener JSP page through HTTPS. Tell me whether the PayPal with SSL hosts on which the IPN Listener or what could be my problem??
Looks like a defect on our end. We'll get this fixed.
Thanks for bringing it to our attention!