I am new to the whole button encryption with paypal. It seemed like all I had to do is what is explained on this page http://www.stellarwebsolutions.com/en/articles/paypal_button_encryption_php.php
but it seems more like than just a plug in play. Seems as though I need Open SSL. I use hosting and don't know if I have the right to install Open SSL on my server or should I just get SSL in the first place since I will be using it in the next couple of months. Currently I have a apache server with cpanel. Any advice would be great. Thank you in advance.
This can be a bear to install and get working with your PHP code. The workaround is to not encrypt, but use a hash to detect tampering, and then reconfirm the hash when the IPN is processed. I explain this here:
How do I make a PayPal encrypted buy now button with custom fields?
Related
I've recently done my first wordpress site that is using an SSL license. I've noticed it comes up as secure but with errors. In the details it says the following.
Your connection to www.kluemperinsurance.com is encrypted with
obsolete cryptography. However, this page includes other resources
which are not secure. These resources can be viewed by others while in
transit, and can be modified by an attacker to change the look of the
page.
The connection uses TLS 1.0.
The connection is encrypted using AES_256_CBC, with SHA1 for message
authentication and DHE_RSA as the key exchange mechanism.
I'm not familiar with any of this so I went to an SSL error checking site to find out what is causing the errors and every page comes up with this.
Pages with unsecure content: https://www.kluemperinsurance.com/ ?
http://ajax.googleapis.com/ajax/libs/webfont/1.4.7/webfont.js
http://feedburner.google.com/fb/a/mailverify
I've tried to figure out how to fix these two issues but I haven't had any luck so far. I'm not using a feedburner of any kind that I am aware of. No plugins being used either. For the webfont issue I followed the instructions from this link and it did not seem to help.
Am I at least on the right track here? What do you suggest I look for instead? Do you know how to fix it?
You have http links on a site which is being served as https. Change any links such as http://ajax.googleapis.com/ajax/libs/webfont/1.4.7/webfont.js to their secure version if available. Normally this will simply be changing http:// to https:// or // but you will need to check if your third party providers support secure urls, and if so what they are (some might use the hostname ssl instead of www for example).
I have been working for quite some time on a website that highly depends on Paypal working properly on it. Without it, it is really useless.
Around 1 in the morning my time (I am at CET timezone) everything working perfectly, I polished up the code, functions and it was working as it should. I made triple checks before I went to sleep that everything works as it should.
I wake up in the morning and nothing that has to do with Paypal actually works. A little bit of an explanation of what I am using before I show you the actual code and error. I am using Express Checkout and Paypal Adaptive Payments SDK.
I have a few "virtual" accounts that I made on developer.paypal.com in order to simulate facilitator (owner) and buyer interaction since I have scenario when owner gives money to ther user and visa versa. Anyhow they both worked perfectly and now they both throw this error (in Adaptive Payments SDK, it tells me in which line of code is a mistake and in Express Checkout since that is code that is done via documentation it does not show in which file the error is but it is the same error):
'error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert
handshake failure'
Now after I saw this post https://devblog.paypal.com/poodle-ssl-3-0-vulnerability/ that you just disabled SSL totally, I realized that the problem is in that actually. You want your users to use TLS now which is totally fine. I triple checked that my server has TLS enabled and it does and I changed (for over a million times already) my config settings to use that TLS in cURL (since I am using PHP) by doing something like:
curl_setopt($ch, CURLOPT_SSLVERSION, 1); (this is how it looks like in Express Checkout and in Adaptive Payments it is just an associative array , but it is really the same thing in both)
I also found somewhere and in your advices to actually update my api credentials. I did that. I went to paypal.com -> API and then clicked update which worked, but then I noticed that on my developer.paypal.com account where I have a few of virtual accounts nothing has changed. Should I update those manually or what?
Edit:
This was sent to Paypal support and I was really in a hurry and could not write the entire thing again, so sorry about that! Issue is fixed thanks to anyone who actually took time to read it.
The issue was fixed with the adding CURLOPT_SSL_CIPHER_LIST => 'TLSv1' to my PPHttpConfig.php file! :)
Try add
CURLOPT_SSL_CIPHER_LIST => 'TLSv1'
to your PPHttpConfig.php file. I had the same issue with you and spent hours to find the solution. This worked for me.
One of the reasons for this error is older version of PHP and OPENSSL for e.g. PHP 5.3.5 will cause this error.
Solution, update the PHP (recomended >= 7).
This comes up when searching for Magento Error:14077410:SSL Routines:SSL23_GET_SERVER_HELLO:sslv3 Alert Handshake Failure! If you are trying to solve that, here is the link to the guy who originally solved the issue along with a downloadable patch: https://www.dwdonline.com/blog/fix-magento-error14077410ssl-routinesssl23_get_server_hellosslv3-alert-handshake-failure.html It's the same error - just in another software package.
I've had the same problem.
My server is an old version of Ubuntu 12.04
Check sertificates
echo "All certificates in ca-certificates.crt, listed by subject, check for presence of VeriSign's 'Class 3 Public Primary - G5':"
awk -v cmd='openssl x509 -noout -subject' '/BEGIN/{close(cmd)};{print | cmd}' < /etc/ssl/certs/ca-certificates.crt | grep "G5"
I updated openssl.
sudo apt-get install openssl
I could updated curl only by this instruction.
http://pavelpolyakov.com/2014/11/17/updating-php-curl-on-ubuntu/
curl 7.47.1 version
And I updated libcurl.
http://juniway.blogspot.com/2015/12/curl-48-unknown-option-was-passed-in-to.html
Is the CURLOPT_CAINFO in the curl_setopt_array for PayPal in order for 'live' mode to work?
So basically what im asking is do we have to have SSL in order for PayPal live mode to work, because my script i have made works in sandbox, updates my db how i want it, but only in sandbox, not live. Im not wanting to post my script here I'll open a new thread for that, im just asking a general question so hopefully it will help me, or others in the feature, i searched Google and couldn't get a solid answer.
Have a great day!
As of using curl to make connection to Paypal, if Paypal does allow plain http connection, sure you don't worry about SSL. In that case, answer to your REQUIRED question is NO. But as you see, it depends on the service you are talking to. Let's say Paypal only allows https for production server, then you have to deal with SSL, either by ignoring it or set correct cert path. Both have to be done in set_opt. And here is another qa for this:
Source of PEM files for web service access
I'm developing a project using Javascript, PHP and OpenLayers. A lot of maps are loaded using and HTTPS connection against an external OGC server.
When I try to load the map using HTTPS, they doesn't load (instead of, they show me an "Error loading the map, try again later").
I think that the problem is because of Digital Certificate. If I load directly from the server (using a WMS call) like this (look the last parameter):
https://serverurl/ogc/wms?service=WMS&version=1.1.0&request=GetMap&layers=ms1:lp_anual_250&styles=&bbox=205125.0,3150125.0,234875.0,3199875.0&width=306&height=512&srs=EPSG:4326&format=application/openlayers
The browser ask me for my authorization to see it. If i accept the Digital Certificate, I can see the map. After that, and because of my browser now accepts the certificate, I can see my own map from my own application.
So, the question is: Is there any way to ask for the Digital Certificate mannually when the user access to my web?
Thanks in advance!
PS: solutions using PHP are welcome too because I'm using CodeIgniter to load views
You could try opening the WMS URL in a div or perhaps a hidden iframe - that may cause the browser to pop up its 'Unknown cert' dialogue.
Im going to quote another user (geographika) from gis.stackexchange. I hope can help to someone with my issue:
You can use a proxy on your server so
all client requests are made to your
server, which deals with the
certificate, gets the request and
passes it back to the client. For PHP
have a look at
http://tr.php.net/manual/en/function.openssl-verify.php
If you are also using WMS software
(MapServer, GeoServer) you could
implement the same technique using a
cascading WMS server.
For details on how to do this in
MapServer see
http://geographika.co.uk/setting-up-a-secure-cascading-wms-on-mapserver
I am new to php, I can do a simple login page, e.g create form, submit form, process and authenticate in a php page and so on.
I read somewhere on the internet, and saw some big companies like banks, google and yahoo, their login form is in "https" not "http". So I try google what is "https" thing. Well, I could not say I fully understand what that thing is, but I think I know the concept, i.e. create a more secure login page.
I believe php could do it (cause I saw wordpress using https, and wp is using php). Is there any tutorial or can you guys give a sample code on how to do a secure login https page with php? Not necessary full code ( cuz I dun want to trouble you guys ), but if can give a full code, would me most appreciated :)
You need to buy a SSL certificate from a company like Verizon or InstantSSL. Then, you will need a web host who has Open SSL or another software for processing SSL certifcates installed.
When you purchase a certificate from Verizon/Instant SSL, they will give you some encrypted code using which you could configure your Open SSL software, and then having https:// urls will work.
This isn't something you can do using plain php.