I get a TLS-related error using the built-in payment gateway extensions. What should I do?

Payment services that we use for our built-in payment gateway extensions are currently in the process of moving all of their servers to the most recent and most secure connection protocol - TLS 1.2.

PayPal has so far switched some of its Sandbox servers and will be switching its Live servers in 2017.

Here are some related links from PayPal: developer.paypal.com and the microsite about the TLS 1.2 upgrade.

Stripe recently moved to TLS 1.2 connections entirely. This means that no payment gateway will work unless your server not only supports TLS 1.2 connections but is actually able to use them.

So in case you're getting this error in Stripe's response to any request:

Stripe no longer supports API requests made with TLS 1.0. Please initiate HTTPS connections with TLS 1.2 or later. You can learn more about this at https://stripe.com/blog/upgrading-tls.

You will need to confirm with your hosting provider that your server supports TLS 1.2 connections.

Note that in some cases your provider may answer that this protocol is enabled and in use, when in reality TLS 1.0 will probably be used for connections to the gateways and nothing will work. The provider may also back this up with "proof" links to a test such as this site: https://www.ssllabs.com/ssltest/analyze.html

Unfortunately, that test is unrelated to the actual issue. It only shows your TLS certificate and how your server responds to requests from regular customers.

The real problem to address is that when your server communicates with the payment gateway's server, it must negotiate a correct TLS version. The error happens because the payment gateway "asks" for TLS 1.2 and your server only "agrees" on TLS 1.0, after which the payment gateway throws an error.

That is, the built-in Stripe extension does not explicitly request any TLS version, which means the version is decided solely by the two servers when they connect.

In the PayPal Express Checkout gateway, however, there is a "subscriptio_sslversion" filter, which sets the connection protocol to TLS 1.2 by default. Like any filter value in WordPress, it can be changed.

If you are skilled enough to edit PHP files of your theme, you can check the TLS version used for server-to-server connection by inserting and running this code (provided by Stripe support):

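<?php
// Ask howsmyssl.com which TLS version this server's outbound cURL request negotiated.
$c = curl_init();
curl_setopt($c, CURLOPT_URL, "https://www.howsmyssl.com/a/check");
curl_setopt($c, CURLOPT_RETURNTRANSFER, true);
$r = json_decode(curl_exec($c));
curl_close($c);
// Print the TLS version reported for this connection.
echo $r->tls_version . "\n";
?>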
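
The libraries behind PHP's outbound connections can also be inspected locally, which helps explain why a server that passes an inbound test still falls back to TLS 1.0 as a client. The following is an added example, not code from Stripe or from the extensions; the function name and the sample version arrays are constructed for illustration. It assumes only that OpenSSL implements TLS 1.2 from version 1.0.1 onwards and that libcurl can pin TLS 1.2 explicitly from 7.34.0 onwards.

```php
<?php
// Added example: judge from curl_version() output whether PHP's outbound
// HTTPS client (libcurl plus its TLS backend) can negotiate TLS 1.2.

// Hypothetical helper. $cv is curl_version() or an array of the same shape.
// Returns array(status, reason); status is 'ok', 'too_old' or 'unknown'.
function outbound_tls12_status(array $cv)
{
    // ssl_version looks like "OpenSSL/1.0.1e" or "NSS/3.14.0.0".
    // Only the numeric part is captured, so a letter suffix such as the
    // "e" in 1.0.1e does not take part in the comparison below.
    if (!preg_match('~^([A-Za-z]+)/(\d+(?:\.\d+)*)~', $cv['ssl_version'], $m)) {
        return array('unknown', 'unrecognised TLS backend "' . $cv['ssl_version'] . '"');
    }
    list(, $backend, $ver) = $m;

    if (strcasecmp($backend, 'OpenSSL') !== 0) {
        // Other backends are not assessed here; use the live check instead.
        return array('unknown', "$backend $ver is not assessed, run the live check");
    }
    if (version_compare($ver, '1.0.1', '<')) {
        return array('too_old', "OpenSSL $ver has no TLS 1.2 (1.0.1 or later needed)");
    }
    // libcurl 7.34.0 added the option value that pins TLS 1.2 explicitly.
    $pin = version_compare($cv['version'], '7.34.0', '>=')
        ? 'TLS 1.2 can also be pinned'
        : 'TLS 1.2 cannot be pinned, only negotiated';
    return array('ok', "OpenSSL $ver supports TLS 1.2; libcurl {$cv['version']}: $pin");
}

// Constructed sample inputs, not taken from any real host.
$hosts = array(
    'sample-a' => array('version' => '7.19.7', 'ssl_version' => 'NSS/3.14.0.0'),
    'sample-b' => array('version' => '7.29.0', 'ssl_version' => 'OpenSSL/0.9.8e'),
    'sample-c' => array('version' => '7.47.0', 'ssl_version' => 'OpenSSL/1.0.2g'),
);
if (function_exists('curl_version')) {
    $hosts['this server'] = curl_version(); // the real answer for this host
}
foreach ($hosts as $name => $cv) {
    list($status, $reason) = outbound_tls12_status($cv);
    echo "$name: $status ($reason)\n";
}
```

A "too_old" result for "this server" is something concrete to send to the hosting provider; an "ok" result still needs the live check above, because it only shows what the libraries are capable of.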
