0

I've put together a site utilising the Stripe payment system. Upon making a test payment over HTTPS, I get the error:

Stripe no longer supports API requests made with TLS 1.0. Please initiate HTTPS connections with TLS 1.2 or later.

I've made sure all my versions of software are up to date:

PHP Version: 7.0.7

cUrl Version: 7.47.1

SSL Version: OpenSSL/1.0.2h

I've also tested my site itself on https://www.ssllabs.com/ssltest/analyze.html to make sure TLS 1.2 is enabled and functional on the server.

The only thing I can think is if there is possibly an issue with the certificate bundle I have registered in php.ini (CURL curl.cainfo setting), but since Stripe source has a "ca-certificates.crt" already included I wasn't sure if I even needed to set an entry for curl.cainfo in my php.ini file.

Any advice would be massively appreciated. If there is any additional information I can provide that might help, just let me know.

EDIT: Currently using Stripe's PHP Framework v4.1.1 (Latest)

Improve this question

2 Answers 2

Reset to default
1

The SSL cert you mentioned is used by your server to respond to incoming requests. What this means is that if I visit your website, as a customer, my browser (Chrome) will try to talk to your server over TLS 1.2 by default as it uses the most secure protocol first. Your server is apparently able to answer requests over TLS 1.2.

The issue we have right now is that when your server contacts Stripe's servers it negotiates TLS 1.0 by default instead of TLS 1.2. Since Stripe is going to deprecate requests made with TLS < 1.2 this means your requests will start failing next year if you don't upgrade.

What I'd recommend here is to talk with your webhost about this so that they can help you look into your setup and ensure that you do support TLS 1.2 requests from your server to Stripe's. Additionally, you can follow the steps outlined at https://support.stripe.com/questions/how-do-i-upgrade-my-stripe-integration-from-tls-1-0-to-tls-1-2 to ensure that your code libraries also support TLS 1.2.

This could also be caused by an outdated version of Stripe's PHP library. They released version 3.19.0 on Friday July 29th which corrected a bug that affected some setups which might explain why you're getting this error even if your host supports TLS 1.2. You may also try updating the Stripe PHP library that you are using to the current version to see if that solves your issue.

Improve this answer
Sign up to request clarification or add additional context in comments.

2 Comments

Thanks Zach, unfortunately, since my Stripe account is fairly new, I'm already having the TLS 1.2 restriction enforced, hence my current dilemma. I've also updated to the latest version of the Stripe PHP framework to make sure the libraries were up-to-date, but still receiving the same error.
I got in touch with my webhost yesterday, who essentially said that the server does currently support TLS 1.2, so it's most likely I'll have to somehow enable that, all they could offer was disabling TLS 1.0 and 1.1 in the hopes that it would trigger TLS 1.2, but I'm not sure that will help, and scared it might affect some of my other hosted sites.
0

Problem was with my local issuer certificate, turns out I was on the right track.

Had to set a default value in my php.ini file for curl_cainfo and that fixed it.

Improve this answer

Comments

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.