Ssl – error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure(35)

We have online shopping site. When I am going to checkout page i am getting a error like this "error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure(35)"

From the apache error log i can see some attempts to connect to api.paypal.com. Here is the part of my apache error log

* About to connect() to api.paypal.com port 443 (#0)
*   Trying 66.211.168.123... * connected
* Connected to api.paypal.com (66.211.168.123) port 443 (#0)
* successfully set certificate verify locations:
*   CAfile: none
  CApath: /etc/ssl/certs
* error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure
* Closing connection #0

When i tried to connect to api.paypal.com using curl i am getting a error like this

curl -iv https://api.paypal.com/
* About to connect() to api.paypal.com port 443 (#0)
*   Trying 66.211.168.91... connected
* Connected to api.paypal.com (66.211.168.91) port 443 (#0)
* successfully set certificate verify locations:
*   CAfile: none
  CApath: /etc/ssl/certs
* SSLv3, TLS handshake, Client hello (1):
* SSLv3, TLS handshake, Server hello (2):
* SSLv3, TLS handshake, CERT (11):
* SSLv3, TLS handshake, Request CERT (13):
* SSLv3, TLS handshake, Server finished (14):
* SSLv3, TLS handshake, CERT (11):
* SSLv3, TLS handshake, Client key exchange (16):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSLv3, TLS alert, Server hello (2):
* error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure
* Closing connection #0
curl: (35) error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure

SSL_connect:before/connect initialization SSL_connect:SSLv2/v3 write client hello A SSL_connect:SSLv3 read server hello A SSL_connect:SSLv3 read server certificate A SSL_connect:SSLv3 read server certificate request A SSL_connect:SSLv3 read server done A SSL_connect:SSLv3 write client certificate A SSL_connect:SSLv3 write client key exchange A SSL_connect:SSLv3 write change cipher spec A SSL_connect:SSLv3 write finished A SSL_connect:SSLv3 flush data SSL3 alert read:fatal:handshake failure SSL_connect:failed in SSLv3 read finished A 6016:error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure:s3_pkt.c:1086:SSL alert number 40 6016:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:s23_lib.c:188:

Best Answer

openssl s_client does a better job of explaining what's going on here since it gives whether it's receiving or sending these messages. api.paypal.com is requesting a specific client certificate (this is the * SSLv3, TLS handshake, Request CERT (13) line curl is printing) and you're sending the wrong (or no) certificate, so your connection fails:

Googling for paypal api info, it appears that you'll need to request a client certificate for the API. They also have a username/password "signature" option, but this option uses a completely different server. If you have these, then configuring your cart software to use them is an issue to take up with the cart developer. If you are the developer and you have a certificate, see the --cert, --cert-type, --key, and --key-type flags to curl to configure the cert and private key curl uses.

Best Answer

Related Solutions

Using client certificates with wget

Ssl – Error 502 – Random SSL Library Error: 336151568 error:14094410

Related Topic