Both of the payment services used in our built-in payment gateways, PayPal and Stripe, use a modern and secure connection protocol – TLS 1.2. As such, in order for the payment gateways to function, your server must support and use TLS 1.2 connections.
If TLS 1.2 is not supported and enabled, you may receive the following error from Stripe:
Stripe no longer supports API requests made with TLS 1.0. Please initiate HTTPS connections with TLS 1.2 or later. You can learn more about this at https://stripe.com/blog/upgrading-tls.
In this event, you will need to contact your host/server administrator and ask them if your server supports TLS 1.2 connections.
In some cases your server may support TLS 1.2 for normal requests from users (or ‘testing’ sites such as https://www.ssllabs.com/ssltest/analyze.html) but still give the above error when attempting to connect to Stripe. This is likely due to the protocol being supported and an appropriate TLS certificate being present, but only TLS 1.0 being used for outgoing connections.
The payment gateway will request TLS 1.2, but the server only ‘agrees’ to TLS 1.0. The extension itself cannot force a particular version to be used.
For the built-in PayPal gateway, a filter is available to set the connection protocol to TLS 1.2 by default, ‘subscriben_sslversion’. This filter can be used to change the TLS version.
If you are able and comfortable to edit PHP files, you can check the TLS version used for server-to-server connection by inserting and running the following code in your theme files (provided by Stripe support):
<?php $c = curl_init(); curl_setopt($c, CURLOPT_URL, "https://www.howsmyssl.com/a/check"); curl_setopt($c, CURLOPT_RETURNTRANSFER, true); $r = json_decode(curl_exec($c)); curl_close($c); echo $r->tls_version . "\n"; ?>
Posted in: General