PayPal IPN acknowledgements failing with SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure

Question

With no changes on our side and perhaps related to POODLE/SSL3 our PayPal API call to PPIPNMessage::validate is now failing with.

SSL routines:SSL3_READ_BYTE         


        

Answer 1

PayPal disabled SSLv3 in response to the "POODLE" vunerability. Read about it here: PayPal Response

If you are using ipnlistener.php, force TLS 1.2 as the SSL Protocol:

curl_setopt($ch, CURLOPT_SSLVERSION, CURL_SSLVERSION_TLSv1_2); 

(Updated: TLS V1.2 required for 2017)

Note: PayPal is upgrading the protocols used to secure all external connections made to their systems. Transport Layer Security version 1.2 (TLS 1.2) and Hypertext Transfer Protocol version 1.1 (HTTP/1.1) will become mandatory for communication with PayPal in 2018. See their Security Roadmap