PayPal Sandbox Express Checkout API Handshake Failure

Posted on September 1, 2016 by Dirk Wagner

At TutorZ we use PayPal as our credit card processor. This means that TutorZ collects credit card information from our tutors and passes them on to PayPal through their REST Express Checkout API.

As a part of the security concerns over advances in computing power, the industry is phasing out 1024-bit SSL certificates (G2) in favor of 2048-bit certificates (G5), and is moving towards a higher strength data encryption algorithm to secure data transmission, SHA-2 (256) over the older SHA-1 algorithm standard.

The problem TutorZ ran into was the PayPal’s sandbox was responding with the infamous “SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure.” This indicated that TutorZ’ SSL certificates were not up to the higher 2048 standards or our cURL/OpenSSL libraries were out of date.

First, I tried to chain VeriSign’s G5 certificate into TutorZ’ certificate store but this didn’t help. Next, I called GoDaddy – TutorZ’ certificate vendor. The rep at GoDadday (with Indian voice, smart and friendly) ensured me that TutorZ’ current certificates, albeit G2, are up to the industry standard of 2048 bit. It was short and productive talk. Good customer service, you GoDaddy guys.

But if it not the TutorZ SSL certificats which are the problem of the PayPal interface error then what is it? A call to PayPal might help – or so I thought. First, finding the number to call on PayPal’s website is a task in itself. After logging into my PayPal account and searching, I found the “call PayPal” page. The number published there is:

“1-888-221-1161”

with their service hours
6:00 AM to 12:00 AM CST Monday through Friday
8:00 AM to 10:00 PM CST Saturday and Sunday

They even provide a one-time pass code with the call. But when calling “1-888-221-1161”, a message said “you have reached a non-working number”. Bad stuff, PayPal guys.

downgrade

Without being able to resolve the problem of PayPal’s REST API I put a temporary work-around into the the TutorZ code. But long term, the solution is to find a better credit card process.

In summary, GoDaddy hey, PayPal Nay.

Dirk Wagner

About Dirk Wagner

Dirk Wagner is owner of Tutorz LLC. He holds a M.S. degree in computer science and has 8 years of experience as software engineer and researcher. Dirk has tutored math and computer science to dozens of students in Southern California. You can find him on Google+, youtube, facebook, twitter, tumblr, quora and pinterest.
This entry was posted in About Us and tagged , .

2 Responses to PayPal Sandbox Express Checkout API Handshake Failure

Leave a Reply

Your email address will not be published. Required fields are marked *