paypal / tls-update Goto Github PK

General information

• Environment:
• PayPal-Debug-ID values:
• Language, language version, and OS:

Issue description

Hi team,

I don't know how/where report that the TLS Test site doesn't respond.
So all scripts that use this URL don't work.

our jdk version: jdk-8u73-linux-x64.tar.gz
our paypal sdk version:

<dependency>
    <groupId>com.paypal.sdk</groupId>
    <artifactId>rest-api-sdk</artifactId>
    <version>1.9.2</version>
</dependency>

The most important and strange thing is our test server can create payment successfully in sandbox server sometimes, sometimes can not. the payment can be created 1 or 2 times when we try 20 times.

I am make sure our jdk version and paypal sdk version are matched your requirement about TLS, otherwise why we can create payment suceessfully sometimes.

In our test server, we can create payment sucessfully sometimes, but it is more diffcult than in our local developer env.

Caused by: com.paypal.base.exception.HttpErrorException: retry fails..  check log for more information
        at com.paypal.base.HttpConnection.executeWithStream(HttpConnection.java:197) ~[rest-api-sdk-1.4.2.jar:1.4.2]
        at com.paypal.base.HttpConnection.execute(HttpConnection.java:67) ~[rest-api-sdk-1.4.2.jar:1.4.2]
        at com.paypal.base.rest.OAuthTokenCredential.generateOAuthToken(OAuthTokenCredential.java:221) ~[classes/:1.4.2]
        ... 140 common frames omitted
Caused by: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
        at sun.security.ssl.Alerts.getSSLException(Alerts.java:192) ~[na:1.8.0_73]
        at sun.security.ssl.Alerts.getSSLException(Alerts.java:154) ~[na:1.8.0_73]
        at sun.security.ssl.SSLSocketImpl.recvAlert(SSLSocketImpl.java:2023) ~[na:1.8.0_73]
        at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1125) ~[na:1.8.0_73]
        at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1375) ~[na:1.8.0_73]
        at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1403) ~[na:1.8.0_73]

[org.apache.commons.httpclient.HttpMethodBase(processCookieHeaders:1656)] Cookie rejected: "$Version=0; X-PP-SILOVER=name%3DSANDBOX3.API.1%26silo_version%3D880%26app%3Dappdispatcher_apit%26TIME%3D2096869206; $Path=/; $Domain=.paypal.com". Domain attribute ".paypal.com" violates RFC 2109: host minus domain may not contain any dots

General information

• Environment: Production (Web Console)
• PayPal-Debug-ID values: N/A
• Language, language version, and OS: PHP, Apache 2.4, Linux Debian 8.x

Issue description

After having performed all the requested updates, including the TlsCheck.php test (result: PayPal_Connection_OK) the web site reports "Your account has been limited".

The account goes back to "unlimited" only after providing a manual confirmation (something like "type 'Accept"...) that the changes have been implemented.

This is not mentioned anywhere in the documentation, and in many cases it requires a non-technical user (e.g administrative staff in a mid-sized operation) to confirm something they're not really expected to understand in detail.

How to run
ruby -r'net/http' -e 'puts Net::HTTP.get(URI("https://tlstest.paypal.com/"))'
in rails and heroku production app?

php/TlsCheck.php is missing the closing tag.

I used your php-Check TlsCheck.php and get a response:

SSL certificate problem: unable to get local issuer certificate

With a different cacert.pem (taken from https://curl.haxx.se/ca/cacert.pem) it worked just fine. Is your CA-File just outdated?

I actually had to force the curl SSL option to get it work:

curl_setopt($ch, CURLOPT_SSLVERSION, 6);

Is it ok? Should i worry?

<?php

$ch = curl_init();

curl_setopt($ch, CURLOPT_URL, "https://tlstest.paypal.com/");
curl_setopt($ch, CURLOPT_SSLVERSION, 6);
curl_setopt($ch, CURLOPT_CAINFO, dirname(__FILE__) . '/cacert.pem');

curl_exec($ch);
echo "\n";

if ($err = curl_error($ch)) {
        var_dump($err);
        echo "DEBUG INFORMATION:\n###########\n";
        echo "CURL VERSION:\n";
        echo json_encode(curl_version(), JSON_PRETTY_PRINT);
}

General information

• Environment:
• PayPal-Debug-ID values:
• Language, language version, and OS:

Issue description

General information

• Environment: TLS-UPDATE
• PayPal-Debug-ID values: none
• Language, language version, and OS: Visual studio 2017/ Windows

Issue description

If you encounter problem "error 407" I invite you to use the code attached.

 System.Net.ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;
            WebRequest wr = WebRequest.Create("https://tlstest.paypal.com/");
            IWebProxy proxy = wr.Proxy;
            if (proxy != null)
            {
                string proxyuri = proxy.GetProxy(wr.RequestUri).ToString();
                wr.UseDefaultCredentials = true;
                wr.Proxy = new WebProxy(proxyuri, false);
                wr.Proxy.Credentials = System.Net.CredentialCache.DefaultCredentials;
            }
            WebResponse response =wr.GetResponse();
                
            using (var streamReader = new StreamReader(response.GetResponseStream()))
            {
                Console.WriteLine(streamReader.ReadToEnd());
            }

General information

• Environment:
• PayPal-Debug-ID values:
• Language, language version, and OS:

Issue description

General information

• Environment:
• PayPal-Debug-ID values:
• Language, language version, and OS:

Issue description

To validate if the Perl PayflowPro module will satisfy the requirement, I wrote the following test based on the example Python test. It passes for me with Perl 5.24 and LWP 6.22.

Sample output:

% perl pfp-test.perl
Perl: 5.024001
LWP: 6.22
PayPal_Connection_OK

Test program:

#!/usr/local/bin/perl
use strict;
use LWP::UserAgent;

print "Perl: $]\nLWP: $LWP::UserAgent::VERSION\n";

my $ua = LWP::UserAgent->new;
my $response = $ua->get('https://tlstest.paypal.com/');

if ($response->is_success) {
  print $response->decoded_content,"\n";
}
else {
  die $response->status_line;
}

The current check is:

ruby -r'net/HTTP' -e 'uri = URI("https://tlstest.paypal.com/"); puts Net::HTTP.get(uri)'

When it should be:

ruby -r'net/http' -e 'uri = URI("https://tlstest.paypal.com/"); puts Net::HTTP.get(uri)'

As an aside, it could be shortened a bit by going with:

ruby -r'net/http' -e 'puts Net::HTTP.get(URI("https://tlstest.paypal.com/"))'

General information

• Environment:
• PayPal-Debug-ID values:
• Language, language version, and OS:

Issue description

Hi

I've run the TlsCheck.php script and it gives me PayPal_Connection_OK. I've also updated to Braintree_PHP 3.21.1. However, when I try to use the Braintree API, I get this error in my log:

Braintree\Exception\SSLCertificate: in Braintree\Http->_doUrlRequest() (line 167 of /var/www/<snip>/composer/braintree/braintree_php/lib/Braintree/Http.php).

Edit - I should point out this is attempting to connect to the sandbox environment.

Hi!

When I set :TLSv1_2 on ruby i get this error:

>> Braintree::Configuration.ssl_version = :TLSv1_2
=> :TLSv1_2
>> Braintree::ClientToken.generate
NoMethodError: undefined method `ssl_version=' for #<Net::HTTP api.sandbox.braintreegateway.com:443 open=false>
	from /home/murbano/vlex/vendor/bundle/ruby/1.8/gems/braintree-2.71.0/lib/braintree/http.rb:79:in `_http_do'
	from /home/murbano/vlex/vendor/bundle/ruby/1.8/gems/braintree-2.71.0/lib/braintree/http.rb:28:in `post'
	from /home/murbano/vlex/vendor/bundle/ruby/1.8/gems/braintree-2.71.0/lib/braintree/client_token_gateway.rb:17:in `generate'
	from /home/murbano/vlex/vendor/bundle/ruby/1.8/gems/braintree-2.71.0/lib/braintree/client_token.rb:8:in `generate'
	from (irb):12

How to fix it?

General information

• Environment: Production
• PayPal-Debug-ID values:
• Language, language version, and OS: C# ASP.NET MVC 5 on Windows Shared Hosting

Issue description

`

    public ActionResult Test()
    {
        string res = "nothing";

        try
        {
            using (var wr = WebRequest.Create("https://tlstest.paypal.com").GetResponse())
            using (StreamReader streamIn = new StreamReader(wr.GetResponseStream()))
            {
                res = "Test1: " + streamIn.ReadToEnd();
            }
        }
        catch (Exception ex)
        {
            res = "Test1: " + ex.ToString();
        }

        try
        {
            ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;
            using (var wr = WebRequest.Create("https://tlstest.paypal.com").GetResponse())
            using (StreamReader streamIn = new StreamReader(wr.GetResponseStream()))
            {
                res += "Test2: " + streamIn.ReadToEnd();
            }
        }
        catch (Exception ex)
        {
            res += "Test2: " + ex.ToString();
        }

        return Content(res);
    }

`

The first check TLS1.2+HTTP/1.1 throws exception:

System.Net.WebException: The remote server returned an error: (426) Unknown. at System.Net.HttpWebRequest.GetResponse() at TTT.Controllers.PayPalController.Test()

But after a few refreshes and minutes, it starts returning: PayPal_Connection_OK for both requests like:
Test1: PayPal_Connection_OKTest2: PayPal_Connection_OK

Hi guys, since yesterday noon we are getting this error when consuming one of your REST APIs. Have you guys done anything that could affect the connection? (new certs or similar). The infrastructure of our service hasn't changed and we did consume your endpoint before without any problem.

General information

• Environment:
• PayPal-Debug-ID values:
• Language, language version, and OS:

Issue description

You guys are absolutely horrible when it comes to the .NET platform! Your TLS 1.2 detection sucks and can yield false positives. First, you're code runs independently from the end-user's website application context. It's possible to have multiple versions of .NET installed and a website can be set to use a specific version that doesn't support TLS 1.2. Second, even if the website's framework version supports it, you're crummy check program won't help either if the website's code makes explicit calls to TLS 1.1 code.

A competent .NET programmer would have produced an ASPX file with inline code to check wether TLS 1.2 is supported. The end-user would simply drop the file into their website home directory and execute it using an URL. This would require no downtime and runs within the application context of the site.

The aspx file should explicitly set the protocol to TLS 1.1 and make service calls to PayPal which checks the protocol remotely. If it passes, then the drop in file can definitely report the web site is using TLS 1.2, since it means 1.1 has been disabled at the server or at the framework level.

https://stackoverflow.com/questions/33761919/tls-1-2-in-net-framework-4-0

when i try tlscheck.exe it shows stopped working.

General information

• Environment:
• PayPal-Debug-ID values:
• Language, language version, and OS:

Issue description

3 things:

1. I have noticed that following command for testing needs to be a bit improved:

python -c "import urllib2; urllib2.urlopen('https://tlstest.paypal.com/').read()"
to:

python -c "import urllib2; print(urllib2.urlopen('https://tlstest.paypal.com/').read())"

2. Other thing is that in my case due old OSX python ssl library is linked to old (official) OSX libssl version I get following error:

urllib2.URLError: <urlopen error [Errno 54] Connection reset by peer>

It would be nice to add a remark to this kind of error.

3. I am encountering this problem on OSX 10.9.5 and 10.11 - where default openssl version is 0.9.8 which does not support TLS v 1.1+ (see previous note). What should I do to fix the problem?

Hi Team,
I installed Java1.7.0_79 and enabled TLSv1.2 in My server . When I'm trying to complete(DoCapture) a transaction. I'm getting
"com.paypal.sdk.exceptions.FatalException: Unable to complete HTTPS transaction" Message in NVPAPICallere java when it trying to execute the line "int result = httpclient.executeMethod(httppost);" in same java. Then I printed the exception directly to get exact issue, it shows
Exception :*"javax.net.ssl.SSLPeerUnverifiedException: Could not find class:ava.lang.ClassNotFoundException: oracle/security/cert/X509CertificateImpl". Please guide me to get it resolve.
Thanks,
Manikandarajan.

I was installed framework 4.0 in the windows server 2003. But when I tried run TlsCheck.exe, and it was impossible,
I need update paypal in web appllcation developed in asp and vs2005.
Thank's

https://github.com/paypal/TLS-update/tree/master/net

We are trying to run the executables on Windows Server 2012 (inside Azure server), but it states that the application is not compatible with this version of Windows.

Tried to run it on a person dev machine (localhost) just to try alternate method, which is running Windows 10, says the same thing.

Hi.
In my app I use native webview to show PayPal. Unfortunately, it seems, it's not possible to set default protocol for webview. It looks like PayPal will stop working in my app also on version where TLS v1.2 is not set as default. Is there any solution for this case ? Thank you

If there is no solution for this issue, maybe it will be good to mention it in the main page, for next visitors.

General information

• Environment:
• PayPal-Debug-ID values:
• Language, language version, and OS:

Issue description

General information

• Environment: N/A
• PayPal-Debug-ID values: N/A
• Language, language version, and OS: N/A

Issue description

There's some source code examples in this repo that are designed to be copied, almost wholesale, into other projects. Can PayPal indicate that the source is public domain? i.e. It can be copied freely even into closed source projects? This is the code I'm looking at in particular:

https://github.com/paypal/TLS-update/blob/master/android/app/src/main/java/com/paypal/developer/paypaltlscheck/TlsSocketFactory.java

Thank you for the wealth of information in this repo!

General information

• Environment:
• PayPal-Debug-ID values:
• Language, language version, and OS:

Issue description

The code functionally works and is able to get a response. However, when running the test against the URL https://tlstest.paypal.com, a 503 error is returned.

The server has .NET 4.5 installed and TLS 1.2 enabled.

We found in at the check was failing due an out of date libcurl version. Default for CentOS 6 is 7.19. I appears that libcurl > 7.40 is required for TLSv1.2 support. There's a thread on this here. Just including this in case anyone else runs into this issue.