我的 PayPal 脚本突然停止验证 SSL 证书
My PayPal script suddenly stopped verifying the SSL certificate
所以我的脚本(IPN 侦听器、API 调用等)工作正常,但突然开始抛出无法验证 SSL 证书的错误。这是我的错误(显示 PHP CURL)
SSL connect error
为什么它停止工作了?
去年,PCI-DSS 3.1 came out and there was a major change for all people processing credit cards. Specifically, there was a mandate that all processing had to be done on TLS 1.1 or later only. The original sunset date was June 30, 2016, but that was postponed to June 30, 2018
The Payment Card Industry Security Standards Council (PCI SSC) is extending the migration completion date to 30 June 2018 for transitioning from SSL and TLS 1.0 to a secure version of TLS (currently v1.1 or higher).
现在,虽然这个缓期给了你,程序员,关于你的前端的一些喘息的空间,它仍然意味着转向 TLS 1.1+ 不是可选的(事实上,如果我是你,我会更快地移动) 并且一些中间卡处理将比这更早开始移动。事实证明,PayPal 就是其中之一 moving in regards to its websites
TLS 1.2 Upgrade
The most secure protocol for sharing information on the web today is Transport Layer Security (TLS) version 1.2. PayPal is enabling support for TLS 1.2 for all secure connections and in 2016 will start requiring its use. You will need to verify that your environment supports TLS 1.2 and if necessary make appropriate updates. PayPal is updating its services to require TLS v1.2 for all HTTPS connections on June 17, 2016. After that date, all TLS v1.0 and TLS v1.1 API connections will be refused.
现在,理论上,您的旧脚本(前提是您没有存储 PayPal 的 public 密钥)应该可以正常运行,但沙盒(已经转移到此)通信已经开始失败。我发现,由于各种原因,某些通信层(特别是 [=31= 中的 CURL,一种与 PayPal 交谈的非常常见的方式)无法再与 PayPal 正确协商。因此,你得到了神秘的错误
SSL connect error
谢谢 CURL。这很有帮助... (不是)
那么我们如何解决这个问题呢?好吧,如果我们告诉 CURL 只使用 TLS 1.2,您对 PayPal 的调用应该可以毫无问题地再次开始工作。如果您正在使用 PHP 和 CURL,您可以通过添加这样的方式来做到这一点(其中 $ch 是您的 CURL 处理程序)
curl_setopt($ch, CURLOPT_SSLVERSION, 6); // Force TLS 1.2
此更改在沙盒和对 PayPal 的实时调用中使用是完全安全的。
所以我的脚本(IPN 侦听器、API 调用等)工作正常,但突然开始抛出无法验证 SSL 证书的错误。这是我的错误(显示 PHP CURL)
SSL connect error
为什么它停止工作了?
去年,PCI-DSS 3.1 came out and there was a major change for all people processing credit cards. Specifically, there was a mandate that all processing had to be done on TLS 1.1 or later only. The original sunset date was June 30, 2016, but that was postponed to June 30, 2018
The Payment Card Industry Security Standards Council (PCI SSC) is extending the migration completion date to 30 June 2018 for transitioning from SSL and TLS 1.0 to a secure version of TLS (currently v1.1 or higher).
现在,虽然这个缓期给了你,程序员,关于你的前端的一些喘息的空间,它仍然意味着转向 TLS 1.1+ 不是可选的(事实上,如果我是你,我会更快地移动) 并且一些中间卡处理将比这更早开始移动。事实证明,PayPal 就是其中之一 moving in regards to its websites
TLS 1.2 Upgrade
The most secure protocol for sharing information on the web today is Transport Layer Security (TLS) version 1.2. PayPal is enabling support for TLS 1.2 for all secure connections and in 2016 will start requiring its use. You will need to verify that your environment supports TLS 1.2 and if necessary make appropriate updates. PayPal is updating its services to require TLS v1.2 for all HTTPS connections on June 17, 2016. After that date, all TLS v1.0 and TLS v1.1 API connections will be refused.
现在,理论上,您的旧脚本(前提是您没有存储 PayPal 的 public 密钥)应该可以正常运行,但沙盒(已经转移到此)通信已经开始失败。我发现,由于各种原因,某些通信层(特别是 [=31= 中的 CURL,一种与 PayPal 交谈的非常常见的方式)无法再与 PayPal 正确协商。因此,你得到了神秘的错误
SSL connect error
谢谢 CURL。这很有帮助... (不是)
那么我们如何解决这个问题呢?好吧,如果我们告诉 CURL 只使用 TLS 1.2,您对 PayPal 的调用应该可以毫无问题地再次开始工作。如果您正在使用 PHP 和 CURL,您可以通过添加这样的方式来做到这一点(其中 $ch 是您的 CURL 处理程序)
curl_setopt($ch, CURLOPT_SSLVERSION, 6); // Force TLS 1.2
此更改在沙盒和对 PayPal 的实时调用中使用是完全安全的。