Why does tlstest.paypal.com work from browser but not from my PHP code (useful for Paypal IPN)?

Question

After 2018 June 30th, Paypal won\'t accept non-TLS 1.2 + HTTP 1.1 requests anymore.
They created the URL https://tlstest.paypal.com/ to test if connections are OK. If we

Answer 1

It works on my side by changing tls:// to ssl:// which makes absolutely no sense to me, but this is also why using fsockopen is a too low level library to just do HTTP exchanges with it (you should use a proper HTTP client library) and at the same time not configurable enough regarding TLS stuff.

With $fp = fsockopen('tls://tlstest.paypal.com', 443, $errno, $errstr, 30); I get :

HTTP/1.1 426 Unknown
Server: AkamaiGHost
Mime-Version: 1.0
Content-Type: text/html
Content-Length: 267
Expires: Fri, 22 Jun 2018 19:49:46 GMT
Date: Fri, 22 Jun 2018 19:49:46 GMT
Connection: keep-alive
Upgrade: TLS/1.2




Access Denied

You don't have permission to access "http://tlstest.paypal.com/" on this server.

Reference #18.8024a17.1529696986.1fc51318

but with $fp = fsockopen('ssl://tlstest.paypal.com', 443, $errno, $errstr, 30); I get:

HTTP/1.1 200 OK
Content-Type: text/html
Content-Length: 20
Date: Fri, 22 Jun 2018 20:05:35 GMT
Connection: keep-alive

And then it hangs, probably because it is a keep-alive connection and the buffer is smaller than 1024 so that you do not get the following body content. Which is probably "PayPal_Connection_OK", as it exactly matches the length displayed in Content-Length. This again shows that you should use an HTTP client library instead of trying to (badly) reimplement HTTP on top of fsockopen.