I hope you all are aware of smoke testing performed by PayPal on
their LIVE APIs. I also hope you all are shifted to TLS 1.2 and tested
your integration on PayPal Sandbox. PayPal Sandbox is already upgraded
to TLS 1.2 and if your integration is working fine here then you are
safe.
Else you still have some time to migrate your code logic till June when PayPal will shift to LIVE on TLS 1.2.
https://tlstest.paypal.com
endpoint has been provided by PayPal to verify that your systems can
support the latest security standards. This endpoint supports all of the
security standards to which the PayPal endpoints are moving.
The following is Classic ASP code you can visit https://github.com/paypal/TLS-update for other languages.
ASP.NET Script
protected void Page_Load(object sender, EventArgs e)
{
System.Net.ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;
string responsestr;
using (var response = WebRequest.Create(“https://tlstest.paypal.com/”).GetResponse())
using (var streamReader = new StreamReader(response.GetResponseStream()))
{
responsestr = streamReader.ReadToEnd();
Response.Write(responsestr);
}
Response.End();
}
PHP Script
<?php
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, “https://tlstest.paypal.com/”);
curl_setopt($ch, CURLOPT_CAINFO, dirname(__FILE__) . ‘/cacert.pem’);
// Some environments may be capable of TLS 1.2 but it is not in their
list of defaults so need the SSL version option to be set.
curl_setopt($ch, CURLOPT_SSLVERSION, 6);
curl_exec($ch);
echo “\n”;
if ($err = curl_error($ch)) {
var_dump($err);
echo “DEBUG INFORMATION:\n###########\n”;
echo “CURL VERSION:\n”;
echo json_encode(curl_version(), JSON_PRETTY_PRINT);
}
?>
Download cacert.pem from here https://raw.githubusercontent.com/paypal/TLS-update/master/php/cacert.pem
Classic ASP script
strResponse = Request.Form(“encResp”)
destURL = “https://tlstest.paypal.com”
Set http_obj = Server.CreateObject(“WinHTTP.WinHTTPRequest.5.1”)
http_obj.open “POST”, destURL , false
http_obj.setRequestHeader “Content-type”, “application/x-www-form-urlencoded”
WinHttpRequestOption_SslErrorIgnoreFlags=4
http_obj.option (9) = 2720
http_obj.send
decResponse = http_obj.ResponseText
response.Write decResponse
You might get following response
ERROR! Connection is using TLS version lesser than 1.2. Please use TLS1.2
On success: A
successful connection to https://tlstest.paypal.com will return an HTTP
200 response with the following text in the body:
“PayPal_Connection_OK”
On failure: One of the following errors will occur depending on what your system does not support:
HTTPS – tlstest.paypal.com will return an HTTP 400 response that contains this text: “ERROR!
Connection is not HTTPS. Please use https://tlstest.paypal.com”
HTTP/1.1 – tlstest.paypal.com will return an HTTP 400 response that contains this text: “ERROR!
Connection is using HTTP/1.0 protocol. Please use HTTP/1.1”
TLS 1.2 (SHA-256) – Your code will throw an SSL connection error.
