Jump to content

[Solved] Ssl23_Get_Server_Hello:sslv3 Alert Handshake Failure


msnyder

Recommended Posts

I have been testing a cURL script for PayPal's IPN that used to work. Now I get the following error when trying to Postback to get validation (IPN):

 

error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure.

 

Do the HH servers support SHA256 as it looks like PayPal updated theirs earlier this year.

 

 

Support SHA-256. PayPal is upgrading SSL certificates on all Live and Sandbox endpoints from SHA-1 to the stronger and more robust SHA-256 algorithm.

You will need to update your integration to support certificates using SHA-256.

Discontinue use of the VeriSign G2 Root Certificate. In accordance with industry standards, PayPal will no longer honor secure connections

that require the VeriSign G2 Root Certificate for trust validation. Only secure connection requests that are expecting our

certificate/trust chain to be signed by the G5 Root Certificate will result in successful secure connections.

 

If they do not, when will they?

 

Thanks.

Link to comment
Share on other sites

  • 2 weeks later...
  • 2 weeks later...

Hi,

 

cPanel - msnyder

domain - receipestation.com

server - johnny

 

everything I researched indicated the server isn't supporting sha-256. I did just recently have a self signed certificate installed also. Here is PayPal link talking about the changes being made and also the G5 root certificate...

https://www.paypal-knowledge.com/resources/sites/PAYPAL/content/live/FAQ/1000/FAQ1766/en_US/2015%20Merchant%20Security%20System%20Upgrade%20Guide%20%28U.S.%20English%29.pdf

 

I was testing against sandbox.

 

Thank you.

Link to comment
Share on other sites

A lot of old unpatched operating systems can no longer access the newest SSL certificates. I suspect that is what is happening here. Doing an OS upgrade on a live production machine is just asking for trouble though. Your best bet at this point is to create your account on the new server that we're in the process of setting up. All of our new servers are going to be running the latest version of CentOS 7. The server you are on, Johnny, is running CentOS 5.11 still. If you'd like I can test your script on the new CentOS 7 server for you to verify that this is the issue.

Link to comment
Share on other sites

  • 1 year later...

This thread should be solved since we've upgraded all of our servers to much more recent operating systems. If you find this thread by searching and are still encountering the same issue just create a new topic about it. Closing.

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
×
×
  • Create New...