Driver no longer works for new Stripe accounts where TLS 1.0 enabled on server about omnipay-stripe HOT 8 CLOSED

I'm guessing this is because TLS 1.0 is enabled on the server, and Curl is just choosing the first available protocol. Can we pass a specific protocol through to Curl, via Guzzle, to make sure it only uses TLS 1.2?

from omnipay-stripe.

You may also like to check that you have the correct version of libcurl installed. You need something > 7.40. The same problem exists with PayPal. e.g. on a CentOS 6 server you have to update libcurl from the city-fan repo.

from omnipay-stripe.

I'm running into the same problem. Here's the error message that I'm getting:

Stripe no longer supports API requests made with TLS 1.0. Please initiate HTTPS connections with TLS 1.2 or later. You can learn more about this at https://stripe.com/blog/upgrading-tls.

I'm on OSX 10.12.6. My version of libcurl is 7.54.0 and my version of OpenSSL is 1.0.2l. All of those are the most current versions. The curl command, when run from the command-line prompt defaults to TLS 1.2, based upon some tests I did hitting some URLs.

Does anyone have any ideas what might be going on?

from omnipay-stripe.

@emarthinsen - Is your version of the driver definitely showing as having this patch (or a variant of it) in the source code?

from omnipay-stripe.

@coatesap Weird. It does not. Spelunking through the dependencies, it looked like I was using version 2.4.7 of the driver. I'll double check.

from omnipay-stripe.

@coatesap I updated the driver to version 2.4.7 and confirmed that the patch shows up in the code. I'm still getting the same error message.

from omnipay-stripe.

I'm on OSX 10.12.6. My version of libcurl is 7.54.0 and my version of OpenSSL is 1.0.2l

Depending on your environment it may be necessary to explicitly set the TLS version (to 6 if your libcurl doesn't provide a TLS 1.2 constant) on your curl handle. I have confirmed this working on most of the major Linux releases, some older releases require the TLS version to be set, but I don't have an OSX system to test on.

from omnipay-stripe.

I was having the same problem on Mac OSX Sierra. When I did a curl_version() in php, I got the following result:

>>> curl_version()
=> [
     "version_number" => 472576,
     "age" => 3,
     "features" => 951197,
     "ssl_version_number" => 0,
     "version" => "7.54.0",
     "host" => "x86_64-apple-darwin16.0",
     "ssl_version" => "SecureTransport",
     "libz_version" => "1.2.8",
     "protocols" => [
       "dict",
       "file",
       "ftp",
       "ftps",
       "gopher",
       "http",
       "https",
       "imap",
       "imaps",
       "ldap",
       "ldaps",
       "pop3",
       "pop3s",
       "rtsp",
       "smb",
       "smbs",
       "smtp",
       "smtps",
       "telnet",
       "tftp",
     ],
   ]

This shows I was still the SecureTransport rather than OpenSSL. To fix this I followed the advice of this gist: https://gist.github.com/ryanscherler/fea4bb75379c1564df7e027c45615cc9

brew uninstall curl
brew install --with-openssl curl
brew uninstall --ignore-dependencies php72
brew install --with-homebrew-curl php72

And now I get this :)

>>> curl_version()
=> [
     "version_number" => 473344,
     "age" => 4,
     "features" => 2671261,
     "ssl_version_number" => 0,
     "version" => "7.57.0",
     "host" => "x86_64-apple-darwin16.7.0",
     "ssl_version" => "OpenSSL/1.0.2n",
     "libz_version" => "1.2.8",
     "protocols" => [
       "dict",
       "file",
       "ftp",
       "ftps",
       "gopher",
       "http",
       "https",
       "imap",
       "imaps",
       "ldap",
       "ldaps",
       "pop3",
       "pop3s",
       "rtsp",
       "smb",
       "smbs",
       "smtp",
       "smtps",
       "telnet",
       "tftp",
     ],
   ]

And Stripe works again!

from omnipay-stripe.