Support

EE4 Everything License

July 13, 2018 at 6:49 am

This looks like the same problem I’m having, I’m also with Bluehost.

https://www.paypal.com/webapps/mpp/tls-http-upgrade

Support Staff

July 13, 2018 at 7:42 am

Hi there,

That’s actually the error from when your website communicates with PayPal. PayPal has just completed their rollout to upgrade to TLS 1.2 (you may have gotten an email from PayPal about this).

The way forward is you’ll contact your web hosting provider and ask them to update your web server to meet PayPal’s new requirements listed here:

Support Staff

July 13, 2018 at 8:08 am

Hi,

You’ll need to contact Bluehost support and let them know you’re getting the following error when PayPal tries to communicate with your website:

http_request_failed
cURL error 35: error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure

They’ll need to fix/upgrade the cURL module on the server.

July 13, 2018 at 11:48 am

EE4 Everything License

Thanks!

I’ve been online with their tech support most of the day. Not had much joy with them, it has though been escalated…

Hopefully, something will be done soon as I can’t be the only person with this problem.

EE4 Everything License

July 15, 2018 at 4:20 am

After a long wait they’ve come back with this.

That test shows that TLS 1.2 is in use. There are some outdated browsers and devices that still force 1.0 because they are out of date, but 1.2 is in use primarily. If you have a plugin or other service that is forcing the use of 1.0, then that will be what the developer looks into.

Thank You,
Tier 2 Support

I’m still unable to process payments.

EE4 Everything License

July 15, 2018 at 5:20 am

Just tested the site with another Paypal plugin and it’s works with no problems. This must mean the issue is with the EE plugin?

Again the error log reads as this

http_request_failed
cURL error 35: error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure

I’m currently just going round and round in circles with this, if the problem is indeed with Bluehost can you let me know exactly what I need to say to them please.

EE4 Everything License

July 15, 2018 at 1:26 pm

I’ve been having the same problem since Friday.

Support Staff

July 15, 2018 at 2:58 pm

This must mean the issue is with the EE plugin?

No, it means the other plugin uses an API from PayPal that doesn’t use cURL.

if the problem is indeed with Bluehost can you let me know exactly what I need to say to them please.

They need to:
1) Upgrade to cURL version 7.34.0 or higher
2) Upgrade to OpenSSL/1.0.1 or higher

Support Staff

July 15, 2018 at 3:09 pm

One further point of clarification regarding:

If you have a plugin or other service that is forcing the use of 1.0, then that will be what the developer looks into.

Event Espresso does not force the use of TLS 1.0.

EE4 Everything License

July 16, 2018 at 4:55 am

OK, I’ve just spent almost 2 hours with Bluehost on the phone. UK to US calls aren’t cheap, they’ve checked and assured me that everything at their end is up to date.

I really don’t know what else I can do here, any suggestions?

https://eventespresso.com/send-login-details/

Support Staff

July 16, 2018 at 5:16 am

Hi Jeff,

I’m sorry to say, but I don’t think there is much we can do as it’s a server config issue.

However, if you can send me temporary login details to the site I’ll run a quick couple of tests confirm?

Note I’ll need to install a couple of plugins to run some code on the site and we don’t install plugins/code without FTP access so both WP-Admin and FTP credentials will be required:

EE4 Everything License

July 16, 2018 at 5:46 am

Hopefully everything I’ve sent is correct.

Support Staff

July 16, 2018 at 6:53 am

The FTP password does not appear to be correct, can you recheck it, please?

EE4 Everything License

July 16, 2018 at 6:59 am

How can I get the password to you?

Support Staff

July 16, 2018 at 7:21 am

You’ll need to resubmit the form to send it securely.

EE4 Everything License

July 16, 2018 at 7:32 am

Sent, hopefully, correct this time.

Support Staff

July 16, 2018 at 8:53 am

Ok, I added a small snippet of code to the version of EE you are using and the connections now seems to be working, the root cause is the version of cURL/OpenSSL on the server but right now your site is forcing PayPal connections to use TLS1.2 and it appears to be working or me.

Can you test, please?

I’ve created a ticket for our developers to discuss this further and we’ll likely add ‘something’ to the next version of EE to just fix this before its an issue. (We don’t recommend editing core files like I have here, however because its likely we’ll need to add something to prevent this in core its an exception as my modification will be lost on update, but replaced with whatever we add)

EE4 Everything License

July 16, 2018 at 8:57 am

Seems to be working fine here. THANK YOU!

I’ll be talking to Bluehost about this as this is on them, can you let me know what was added so I know exactly what I should be telling them.

Support Staff

July 16, 2018 at 9:18 am

There’s a little more to it than just Bluehost.

EE sets PayPal connections to use TLS at a minimum, what should happen (and does with ‘current’ versions of cURL) is the site will negotiate the highest protocol version that both the host and client support.

So what I’ve done is update the code to use this curl_setopt($handle, CURLOPT_SSLVERSION, 6); whenever the site makes a connection to PayPal through cURL. (6 was 1)

So the fact that we set a value on CURLOPT_SSLVERSION for PayPal is preventing the connection on the Bluehost server due to the version of cURL it’s using which is over 6 years old (I’m not posting the version number as there may be exploits available, I don’t know if there are but better to be safe).

So whilst I stand by what I said above in that this is a config issue, to be clear it’s also due to EE setting the above value on the version used on that server.

July 16, 2018 at 10:05 am

EE4 Everything License

Thanks Tony.