问题
After a recent upgrade to a new server, a web app that previously accepted a post request from PayPal's Payflow Link stopped working.
After troubleshooting, our current guess is that the legacy Payflow Link, being an older product, is not using TLS 1.1 or TLS 1.2 thereby causing the SSL handshake to fail.
Is there a way to tell Paypal flow to post our site with TLS 1.1 or TLS 1.2?
Super thanks in advance,
回答1:
We had a similar issue.
A Magento (1.8) shop was moved from a CentOS 5 to CentOS 6 server.
On the new server, Payflow Link was not working when the site was set to use HTTPS. If set to use HTTP, the site worked fine. The site also worked find if Apache permitted SSLv3.
We normally use:
SSLHonorCipherOrder on
in our Apache configurations.
If we disable this on CentOS 6, the system works again.
SSLHonorCipherOrder off
I suspect there's some issue with SSL negotiation. I could not find the cause but if we force the cipher order and set strong ciphers, the system fails.
I did a packet capture and I could see Paypal posting back but that connection never hit the Apache logs, so I think it failed during negotiation.
I could not find any documentation about what SSL/TLS protocols & ciphers Payflow link supports.
来源:https://stackoverflow.com/questions/27908281/paypal-payflow-link-tls-1-2-for-post-requests