PayPal security: TLS 1.2 and HTTP/1.1 with older operating systems

For many months PayPal has repeatedly asked users of its interfaces to update their systems to current versions, or to establish connections only via the current protocols. In principle this is not a problem, because most operating systems, even those several years old, can support this.

You can test your system for example with the following command:

php -r '$ch = curl_init(); curl_setopt($ch, CURLOPT_URL, "https://tlstest.paypal.com/"); var_dump(curl_exec($ch)); var_dump(curl_error($ch));'

The return value is either

PayPal_Connection_OKbool(true)
string(0) ""

or, if the connection fails:

bool(false)
string(17) "SSL connect error"

The latter error occurs, for example, under Red Hat/CentOS 6.

In principle, Red Hat 6 can also connect using TLS 1.2, but unfortunately the "curl" program it uses does not negotiate TLS 1.2 automatically. Red Hat released an update for this bug in May, and it will soon be available for CentOS 6 as well. As a web server operator you should therefore update all packages to the latest version and, in particular, use curl from version 7.19.7-52.

Until then you would have to tell curl explicitly to use the current protocol version (the value 6 for CURLOPT_SSLVERSION selects TLS 1.2), e.g. with:

php -r '$ch = curl_init(); curl_setopt($ch, CURLOPT_SSLVERSION, 6); curl_setopt($ch, CURLOPT_URL, "https://tlstest.paypal.com/"); var_dump(curl_exec($ch)); var_dump(curl_error($ch));'
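To decide whether a given server still needs the forced setting, the following added shell example (not part of the original article) compares a package version-release string against the fixed build 7.19.7-52 named in the text. The function names, the simplified numeric comparison and the choice of the libcurl package are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the article): is the installed libcurl new enough
# that the CURLOPT_SSLVERSION workaround can be dropped?

FIXED_VR="7.19.7-52"   # first fixed build, as stated in the article

# ver_ge HAVE WANT: succeed when HAVE >= WANT, comparing the numeric part of
# each "."/"-" separated field. Simplified (not full rpm ordering), but enough
# for el6 strings such as the constructed sample "7.19.7-46.el6".
ver_ge() {
    _have=$1; _want=$2
    while [ -n "$_want" ]; do
        _h=${_have%%[.-]*}; _h=${_h%%[!0-9]*}   # next field, digits only
        _w=${_want%%[.-]*}; _w=${_w%%[!0-9]*}
        [ "${_h:-0}" -gt "${_w:-0}" ] && return 0
        [ "${_h:-0}" -lt "${_w:-0}" ] && return 1
        # Drop the field just compared from both strings.
        case $_have in *[.-]*) _have=${_have#*[.-]} ;; *) _have= ;; esac
        case $_want in *[.-]*) _want=${_want#*[.-]} ;; *) _want= ;; esac
    done
    return 0
}

# Print one word: "fixed", or "workaround" (keep forcing TLS 1.2 in PHP).
curl_tls12_status() {
    if ver_ge "$1" "$FIXED_VR"; then echo fixed; else echo workaround; fi
}

# On an rpm-based host, report on the real package. Assumption: PHP's curl
# extension uses the "libcurl" package, which carries the same
# version-release as "curl". Skipped silently where rpm is not available.
if command -v rpm >/dev/null 2>&1 &&
   vr=$(rpm -q --qf '%{VERSION}-%{RELEASE}' libcurl 2>/dev/null); then
    echo "libcurl $vr: $(curl_tls12_status "$vr")"
fi
```

A result of "workaround" means the explicit CURLOPT_SSLVERSION setting should stay in place until the package update has been installed.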

But no need to panic. Because most users are slow to update, PayPal has extended the deadline for changing the protocols, or switching off the old protocols, by 1 year to 30.6.2017.
