连接到沙箱的套接字连接错误,请访问www.sandbox.paypal.com

时间:2016-02-06 22:03:42

标签: openssl sandbox messages fsockopen

当我尝试与fsockopen联系时:

$fp = fsockopen('tls://www.sandbox.paypal.com', 443, $errno, $errstr, 30);

该功能显示以下错误:

Warning: fsockopen() [function.fsockopen]: SSL operation failed with code 1.
OpenSSL Error messages: error:14094410:SSL routines:SSL3_READ_BYTES:sslv3
alert handshake failure in /home/puntodec/public_html/test_socket.php on (line number)

Warning: fsockopen() [function.fsockopen]: Failed to enable crypto in 
/home/puntodec/public_html/test_socket.php on (line number)

Warning: fsockopen() [function.fsockopen]: unable to connect to 
tls://www.sandbox.paypal.com:443 (Unknown error) in (line number)

但如果我使用tls://www.paypal.com则没有显示错误。 Paypal是否已更改沙盒的套接字配置?或者还有什么问题?

请帮助我,谢谢你们的帮助。

2 个答案:

答案 0 :(得分:1)

  

Paypal是否更改了沙盒的套接字配置?或者还有什么问题?

看起来PayPal禁用了TLS 1.0和1.1。或者,他们只支持AES / GCM密码套件(和类似的)。您必须使用TLS 1.2。

您可以找到一篇博文或新闻稿,说明相同的内容......

TLS 1.0

$ /usr/local/bin/openssl s_client -connect www.sandbox.paypal.com:443 -tls1 -servername www.sandbox.paypal.com
CONNECTED(00000003)
140735201563100:error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure:s3_pkt.c:1472:SSL alert number 40
140735201563100:error:1409E0E5:SSL routines:ssl3_write_bytes:ssl handshake failure:s3_pkt.c:656:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 7 bytes and written 0 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1
    Cipher    : 0000
    ...

TLS 1.2

$ /usr/local/bin/openssl s_client -connect www.sandbox.paypal.com:443 -tls1_2 -servername www.sandbox.paypal.com
CONNECTED(00000003)
...
---
Certificate chain
 0 s:/jurisdictionC=US/jurisdictionST=Delaware/businessCategory=Private Organization/serialNumber=3014267/C=US/postalCode=95131-2021/ST=California/L=San Jose/street=2211 N 1st St/O=PayPal, Inc./OU=PayPal Production/CN=www.sandbox.paypal.com
   i:/C=US/O=Symantec Corporation/OU=Symantec Trust Network/CN=Symantec Class 3 EV SSL CA - G3
 1 s:/C=US/O=Symantec Corporation/OU=Symantec Trust Network/CN=Symantec Class 3 EV SSL CA - G3
   i:/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=(c) 2006 VeriSign, Inc. - For authorized use only/CN=VeriSign Class 3 Public Primary Certification Authority - G5
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIFjDCCBHSgAwIBAgIQVeuz+EgDzKxFsKnpA78ETzANBgkqhkiG9w0BAQsFADB3
MQswCQYDVQQGEwJVUzEdMBsGA1UEChMUU3ltYW50ZWMgQ29ycG9yYXRpb24xHzAd
BgNVBAsTFlN5bWFudGVjIFRydXN0IE5ldHdvcmsxKDAmBgNVBAMTH1N5bWFudGVj
IENsYXNzIDMgRVYgU1NMIENBIC0gRzMwHhcNMTUwOTE4MDAwMDAwWhcNMTcwOTI5
MjM1OTU5WjCCARcxEzARBgsrBgEEAYI3PAIBAxMCVVMxGTAXBgsrBgEEAYI3PAIB
AgwIRGVsYXdhcmUxHTAbBgNVBA8TFFByaXZhdGUgT3JnYW5pemF0aW9uMRAwDgYD
VQQFEwczMDE0MjY3MQswCQYDVQQGEwJVUzETMBEGA1UEEQwKOTUxMzEtMjAyMTET
MBEGA1UECAwKQ2FsaWZvcm5pYTERMA8GA1UEBwwIU2FuIEpvc2UxFjAUBgNVBAkM
DTIyMTEgTiAxc3QgU3QxFTATBgNVBAoMDFBheVBhbCwgSW5jLjEaMBgGA1UECwwR
UGF5UGFsIFByb2R1Y3Rpb24xHzAdBgNVBAMMFnd3dy5zYW5kYm94LnBheXBhbC5j
b20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDOQlgP1/OgAQ7TLB1A
1Kwr6a3EIfZRKl5HT9FmwR5sliGJBzQC4UdjUkCOQYBqzCwFrvc486aVTtAvE2JK
PVP1OertRT7rQH8Oq/d60X2Cv32PmvwO0NnPsiQWwEKtqAvfHOUZf+4nfp3LxfGa
gb4k4Nbeq/PegcArIXlGC06M85Urz3b10JqitnWgiHDRYWzh9PlHnPf6m/zVtLQw
GYZxu11Gtq8wB5Ot4q2vlQTf1WcR4Li5HmAFIVHYXgjNLpfdI3PMNkjTiZEgn1AT
kqkxyxzTt9V4YnwM7JEvygBpXRJKRHGYy52O35uKNdO+8J27HNX8kWnSHI1ogpC+
dezbAgMBAAGjggFwMIIBbDAhBgNVHREEGjAYghZ3d3cuc2FuZGJveC5wYXlwYWwu
Y29tMAkGA1UdEwQCMAAwDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUF
BwMBBggrBgEFBQcDAjBmBgNVHSAEXzBdMFsGC2CGSAGG+EUBBxcGMEwwIwYIKwYB
BQUHAgEWF2h0dHBzOi8vZC5zeW1jYi5jb20vY3BzMCUGCCsGAQUFBwICMBkaF2h0
dHBzOi8vZC5zeW1jYi5jb20vcnBhMB8GA1UdIwQYMBaAFAFZq+fdOgtZpmRj1s8g
B1fVkedqMCsGA1UdHwQkMCIwIKAeoByGGmh0dHA6Ly9zci5zeW1jYi5jb20vc3Iu
Y3JsMFcGCCsGAQUFBwEBBEswSTAfBggrBgEFBQcwAYYTaHR0cDovL3NyLnN5bWNk
LmNvbTAmBggrBgEFBQcwAoYaaHR0cDovL3NyLnN5bWNiLmNvbS9zci5jcnQwDQYJ
KoZIhvcNAQELBQADggEBACEZZKMKatEKSSuTaBF+qeRP2CqqJLZefggNLXDM8hNb
mh05RQ95FSqGQMSKprbDNWxYqPERee7R2wvW4egmM0kmtU+PWlm/W1DaSE0E/5QN
6gx9Is0wC7DF4W3USGT8M4Itp225wf9doh2d3+ACw19xHfmri0fQiogrPSo3U0/X
tD7QKpFNlrgpXH5Xz5qReiJeZnbI89dw1ILEdDjni/OCZmYGUpfZS2vY4eqR0w+s
0NWsfHzijXkJug2nrDjXJAmZAsagwR8acYOI8L86hJP8GC554z6TiuA6Of2GxVzx
ngM1+KlNBGhY5NRTEJG10KcQklDH6nMdoR1ZjajM7mw=
-----END CERTIFICATE-----
subject=/jurisdictionC=US/jurisdictionST=Delaware/businessCategory=Private Organization/serialNumber=3014267/C=US/postalCode=95131-2021/ST=California/L=San Jose/street=2211 N 1st St/O=PayPal, Inc./OU=PayPal Production/CN=www.sandbox.paypal.com
issuer=/C=US/O=Symantec Corporation/OU=Symantec Trust Network/CN=Symantec Class 3 EV SSL CA - G3
---
No client certificate CA names sent
Peer signing digest: SHA1
Server Temp Key: ECDH, P-256, 256 bits
---
SSL handshake has read 3263 bytes and written 474 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES128-GCM-SHA256
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES128-GCM-SHA256
    Session-ID: 9E01CD86FA9CF328AD505F17E34C0A9BE6846F89E553D8D0F2946F8859F695C7
    Session-ID-ctx: 
    Master-Key: BB1AC5E8C2AAF6B393EB85558C25F2AD8A28CA071E5605D3CEA714A15DC8E9D1
    16948150238A67245BBE5C3BD7B81EC2
    ...

答案 1 :(得分:1)

谢谢,问题是我的服务器中的tls版本:

PayPal回答

PayPal最近在沙箱环境中实施了安全升级

PayPal最近在沙箱环境中实施了安全性升级,请参阅https://www.paypal-knowledge.com/infocenter/index?page=content&widgetview=true&id=FAQ1913&viewlocale=en_EN

SSL证书升级指南 https://www.paypal-knowledge.com/infocenter/index?page=content&widgetview=true&id=FAQ1766&viewlocale=en_US