PayPal Express payment plugin Error on deployment environment

This topic was automatically closed 365 days after the last reply. New replies are no longer allowed.
5 years ago
Hello,

This plugin works as expected when I use it from my development machine. Our version is 4.20 and the plugin is developed by NopCommerce.

The problem begins when we use it on our deployment environment: we always get an error from NOPCommerce. In the logs I found this error:

System.ServiceModel.CommunicationException: The SSL connection could not be established, see inner exception. ---> System.Net.Http.HttpRequestException: The SSL connection could not be established, see inner exception. ---> System.IO.IOException: Authentication failed because the remote party has closed the transport stream.

Doing some research I tried to change this line from ServicecollectionExtension:
ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;

to

ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12 | SecurityProtocolType.Tls11 | SecurityProtocolType.Tls;

But we are still getting the same error. Any ideas please?
5 years ago
I think you are on the right track, PayPal requires a TLS 1.2 connection:
https://developer.paypal.com/docs/api/info-security-guidelines/

When they made the change a few years ago PayPal used to have https://tlstest.paypal.com for testing but I could not get it to resolve today. So you can test your deployment environment with a site like https://www.ssllabs.com to confirm whether it has TLS 1.1 / 1.0 / SSL protocols enabled.

If you find those insecure protocols enabled you will need to disable them so your environment only uses TLS 1.2 protocol. For Windows, you can google how to edit the registry or use a convenient tool like IIS Crypto. For Linux, google how to edit the openssl / apache / nginx configs depending on your setup.
5 years ago
I made it work! It was hard to find.

The main problem was that TLS 1.2 was enabled for incoming but not for outgoing. I found the solution here:

https://support.microsoft.com/es-es/help/3140245/update-to-enable-tls-1-1-and-tls-1-2-as-default-secure-protocols-in-wi

The important thing to change in your server registry is this:

For TLS 1.1
Registry location: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Client
DWORD name: DisabledByDefault
DWORD value: 0

For TLS 1.2
Registry location: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client
DWORD name: DisabledByDefault
DWORD value: 0
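
A read-only way to check for the condition described in the post above (TLS 1.2 usable for incoming connections but not offered for outgoing ones), as an added example that is not part of the original thread or of nopCommerce. It reads the SCHANNEL `Client` and `Server` subkeys named in the post and changes nothing; the function name `Get-SchannelState` is hypothetical, and the `Enabled` value is a standard SCHANNEL setting that the thread itself does not mention.

```powershell
# Added example: read-only audit of SCHANNEL protocol settings. Makes no changes.
$base = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols'

function Get-SchannelState {
    param(
        [Parameter(Mandatory)][string]$Protocol,
        [Parameter(Mandatory)][ValidateSet('Client', 'Server')][string]$Role
    )
    $key = Join-Path $base "$Protocol\$Role"
    $state = [ordered]@{
        Protocol = $Protocol; Role = $Role; KeyExists = $false
        Enabled = $null; DisabledByDefault = $null
    }
    if (Test-Path -LiteralPath $key) {
        $state.KeyExists = $true
        $props = Get-ItemProperty -LiteralPath $key
        foreach ($name in 'Enabled', 'DisabledByDefault') {
            # A value that is not set stays $null, meaning the OS default applies
            $p = $props.PSObject.Properties[$name]
            if ($p) { $state[$name] = $p.Value }
        }
    }
    [pscustomobject]$state
}

# Client = outgoing connections (the shop calling PayPal); Server = incoming (IIS)
$report = foreach ($proto in 'TLS 1.0', 'TLS 1.1', 'TLS 1.2') {
    foreach ($role in 'Client', 'Server') {
        Get-SchannelState -Protocol $proto -Role $role
    }
}
$report | Format-Table -AutoSize

# Flag the situation from the thread: TLS 1.2 not offered on outgoing connections
$client12 = $report | Where-Object { $_.Protocol -eq 'TLS 1.2' -and $_.Role -eq 'Client' }
if ($client12.DisabledByDefault -eq 1 -or $client12.Enabled -eq 0) {
    Write-Warning 'TLS 1.2 is disabled for outgoing (Client) connections.'
}
elseif (-not $client12.KeyExists) {
    Write-Output 'No TLS 1.2\Client key: the operating system default applies, which on older Windows versions may not include TLS 1.2.'
}
else {
    Write-Output 'TLS 1.2 is not disabled for outgoing (Client) connections.'
}
```

SCHANNEL registry changes take effect only after a reboot, so run the audit again after restarting the server.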