msnyder Posted March 30, 2016

I have been testing a cURL script for PayPal's IPN that used to work. Now I get the following error when trying to Postback to get validation (IPN):

error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure

Do the HH servers support SHA256? It looks like PayPal updated theirs earlier this year.

Support SHA-256. PayPal is upgrading SSL certificates on all Live and Sandbox endpoints from SHA-1 to the stronger and more robust SHA-256 algorithm. You will need to update your integration to support certificates using SHA-256.

Discontinue use of the VeriSign G2 Root Certificate. In accordance with industry standards, PayPal will no longer honor secure connections that require the VeriSign G2 Root Certificate for trust validation. Only secure connection requests that are expecting our certificate/trust chain to be signed by the G5 Root Certificate will result in successful secure connections.

If they do not, when will they? Thanks.
wolstech Posted March 30, 2016

I'm honestly not sure on this one, but I do know that a lot of the software on our servers is considered ancient by today's standards, so probably not. Krydos might know, escalating.
Krydos Posted April 8, 2016

Please post the following information:
Your cPanel username
Your main domain
The server that you are on
msnyder (Author) Posted April 19, 2016

Hi,

cPanel - msnyder
domain - receipestation.com
server - johnny

Everything I researched indicated the server isn't supporting SHA-256. I did just recently have a self-signed certificate installed also. Here is a PayPal link talking about the changes being made and also the G5 root certificate:

https://www.paypal-knowledge.com/resources/sites/PAYPAL/content/live/FAQ/1000/FAQ1766/en_US/2015%20Merchant%20Security%20System%20Upgrade%20Guide%20%28U.S.%20English%29.pdf

I was testing against sandbox. Thank you.
Krydos Posted April 20, 2016

A lot of old unpatched operating systems can no longer access the newest SSL certificates. I suspect that is what is happening here. Doing an OS upgrade on a live production machine is just asking for trouble though. Your best bet at this point is to create your account on the new server that we're in the process of setting up. All of our new servers are going to be running the latest version of CentOS 7. The server you are on, Johnny, is running CentOS 5.11 still. If you'd like I can test your script on the new CentOS 7 server for you to verify that this is the issue.
Krydos Posted June 28, 2017

This thread should be solved since we've upgraded all of our servers to much more recent operating systems. If you find this thread by searching and are still encountering the same issue just create a new topic about it. Closing.