Seamless Donations warnings: cURL out of date

Home Support Forums Seamless Donations PayPal issues Seamless Donations warnings: cURL out of date

Viewing 3 posts - 1 through 3 (of 3 total)
  • Author
    Posts
  • #9667

    dillig19
    Participant

    I have SSL in place – the host has updated to the latest cURL from the vendor Version 29.0-42
    I’m not sure how to resolve the warning below

    WARNING: Your server appears to have incompatibilities with PayPal’s requirements
    cURL: 7.29.0, SSL: NSS/3.28.4

    cURL version too low:
    PayPal requires TLSv1.2, which requires cURL 7.34.0 or greater. Your server appears to be running an older version (7.29.0).

    It’s correct that they are running 29.0-42 and they are telling me that’s the latest version.

    Any ideas on this one?
    Thank you in advance for your help
    Deb

    #9672

    David Gewirtz
    Developer

    cURL is currently at 7.57. See: https://curl.haxx.se/docs/releases.html

    cURL 3.41 was released in December 2013. cURL 7.29 was released in February of that year. The requirement for 3.41 is not mine. PayPal requires TLS 1.2 and TLS 1.2 requires a cURL version that supports it.

    –David

    P.S. I decided to do some math. There have been 1,692 bug fixes to cURL since the version your vendor says is up to date.

    #9699

    tigertech
    Participant

    Without commenting on whether it’s a good idea to be using older versions, I should point out that the error message is sometimes incorrect. Versions of cURL older than 7.34.0 can certainly support TLS 1.2.

    For example, here’s the version supplied with Debian Wheezy:

    That version of cURL prompts this error message within Seamless Donations:

    However, that cURL supports TLS 1.2 properly:

    So the error message can be misleading. I’ve seen this same problem in another plugin; I suspect the confusion may have arisen because the cURL 7.34.0 binary was the first to offer the “–tlsv1.2” flag. However, that’s just the first version of cURL to offer the flag to force TLS 1.2; it’s not the first version of cURL to support TLS 1.2.

    A reliable check of whether cURL (and everything else in the development stack) will work is to try a connection to <https://tlstest.paypal.com&gt;. This is the method PayPal recommends here: <https://www.paypal.com/webapps/mpp/tls-http-upgrade&gt;. If it works, you know that the current PHP/cURL stack works correctly without needing to compare version numbers, etc.

Viewing 3 posts - 1 through 3 (of 3 total)

You must be logged in to reply to this topic.