TLS 1.2 Support

by mrpasini » Wed Oct 05, 2016 12:02 pm
I've been updating code on my site to be compatible with Paypal's June 2017 requirement for TLS 1.2 and noticed that the Sonic server doesn't yet support that.

Do you plan to update OpenSSL used by PHP so it supports TLS 1.2? And, if so, when?
by drew.phillips » Thu Oct 06, 2016 2:26 pm
Hi Mr,

Yes, we do currently support outgoing TLS 1.2 connections as long as your site is configured to use PHP 5.5.

To do this, follow the instructions on our PHP5 wiki page to add the following lines to your .htaccess file:

```
Action php-cgi /cgi-bin/php55
AddHandler php-cgi .php
```

You can use the following PHP code to test the connection to PayPal to ensure it's working:

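```php
<pre>
<?php
ob_start();
$ch = curl_init();
// Capture curl's verbose handshake log in memory instead of the server error log
curl_setopt($ch, CURLOPT_VERBOSE, 1);
curl_setopt($ch, CURLOPT_STDERR, $debug = fopen('php://memory', 'w'));
curl_setopt($ch, CURLOPT_URL, "https://tlstest.paypal.com/");
// Uncomment to verify the server certificate against a specific CA bundle file
//curl_setopt($ch, CURLOPT_CAINFO, dirname(__FILE__) . '/cacert.pem');

// CURLOPT_RETURNTRANSFER is not set, so the response body is printed
// directly and curl_exec() returns true on success, false on failure
$res = curl_exec($ch);

// Rewind the in-memory stream and read back the verbose log
fseek($debug, 0, SEEK_SET);
$debugout = stream_get_contents($debug);
fclose($debug);

echo $debugout . "\n";

echo "Result = "; var_dump($res);

// On failure, print the curl error and the curl/OpenSSL build details
if ($err = curl_error($ch)) {
    echo "ERROR: $err\n";
    echo "DEBUG INFORMATION:\n###########";
    echo "CURL VERSION";
    echo json_encode(curl_version(), JSON_PRETTY_PRINT);
}

curl_close($ch);

?>
</pre>
```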
Just place that code in a ".php" file in your web root and call it from your browser.

If it doesn't print any errors and shows something like "Result = bool(true)" then it worked. You'll also see something in the output to the effect of "SSL connection using TLSv1.2 / ECDHE-RSA-AES128-GCM-SHA256".
Drew Phillips
Programmer / System Operations, Sonic.net
by mrpasini » Thu Oct 06, 2016 3:10 pm
Oh, that was easy! Just had to 1) add the php5 lines to .htaccess, 2) upload the test PHP code you supplied and 3) upload the certificate you supplied to get:

> Result = bool(true)

But my Linklok code (http://mikepasini.com/linklokipn.php?testtls=1) from Vibralogix still reports a problem:

> The error reported by the server is: SSL certificate problem: unable to get local issuer certificate

So...
by drew.phillips » Thu Oct 06, 2016 3:19 pm
Looks like it's working now. We went ahead and updated the CA certificate bundle used by *all* PHP versions that contains the root certificate authorities that sign PayPal's SSL certs. In short, PHP 5.5 should be able to talk to most any website using TLS 1.2 with the ability to verify the certificates without having to use any custom CA file and code.
Drew Phillips
Programmer / System Operations, Sonic.net
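An added example, not code from either poster or from Sonic: it turns the two outcomes seen in this thread (the "SSL connection using TLSv1.2 / ..." line and the "unable to get local issuer certificate" error) into an automated verdict from curl's verbose log and `curl_errno()`. The function name `classify_tls_test` and the sample inputs are constructed for illustration.

```php
<?php
// Added example (not from the thread). classify_tls_test() and the sample
// inputs below are constructed for illustration.

// $verbose: text captured via CURLOPT_STDERR; $errno: value of curl_errno($ch).
function classify_tls_test($verbose, $errno)
{
    $r = ['protocol' => null, 'cipher' => null, 'verdict' => ''];

    // OpenSSL builds of curl log: "* SSL connection using TLSv1.2 / <cipher>"
    if (preg_match('~SSL connection using (TLSv|SSLv)([\d.]+) / (\S+)~', $verbose, $m)) {
        $r['protocol'] = $m[1] . $m[2];
        $r['cipher']   = $m[3];
    }

    if ($errno === 60) {
        // 60 = CURLE_SSL_CACERT: the chain did not verify against the CA bundle.
        $r['verdict'] = 'CA bundle problem: fix the bundle, leave verification on';
    } elseif ($errno === 35) {
        // 35 = CURLE_SSL_CONNECT_ERROR: the handshake itself failed.
        $r['verdict'] = 'handshake failed: check protocol/cipher support';
    } elseif ($errno !== 0) {
        $r['verdict'] = "other curl error $errno";
    } elseif ($r['protocol'] === null) {
        $r['verdict'] = 'no protocol line in log: cannot confirm TLS version';
    } elseif ($m[1] === 'TLSv' && version_compare($m[2], '1.2', '>=')) {
        $r['verdict'] = 'ok: negotiated TLS 1.2 or newer';
    } else {
        $r['verdict'] = 'connected, but below TLS 1.2';
    }
    return $r;
}

// Constructed sample inputs: [verbose log excerpt, curl errno]
$samples = [
    ["* SSL connection using TLSv1.2 / ECDHE-RSA-AES128-GCM-SHA256\n", 0],
    ["* SSL certificate problem: unable to get local issuer certificate\n", 60],
    ["* SSL connection using TLSv1.0 / AES128-SHA\n", 0],
];
foreach ($samples as $s) {
    $r = classify_tls_test($s[0], $s[1]);
    printf("%-8s %-28s %s\n", $r['protocol'] ?: '-', $r['cipher'] ?: '-', $r['verdict']);
}
```

In the test script above, pass `$debugout` and `curl_errno($ch)` to the function before the handle is closed.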
by mrpasini » Thu Oct 06, 2016 4:12 pm
Confirmed! It's working. Thanks for your help.