Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
Getting this error when i try to process a payment.
"Stripe no longer supports API requests made with TLS 1.0. Please initiate HTTPS connections with TLS 1.2 or later."
I'm using Stripe library v1.18.0 as detailed on the module page.
Comments
Comment #2
torgosPizzaTLS and SSL versions are controlled by your hosting company (since it requires SSL packages such as OpenSSL). You should reach out to them and ask if they can enable this option for you.
You can find more information in Stripe's blog post on this subject.
Comment #3
benjmarr CreditAttribution: benjmarr as a volunteer commented@torgosPizza
I'm having the same issue on a new stripe account. My site is TLS1.2 ready and fully PCI DSS. I have run the test specified on stripe KB for v3 of library and it is returning "TLS 1.2 supported, no action required." However when running the test with v1.18.0 I am getting "TLS 1.2 is not supported. You will need to upgrade your integration."
Unsure where to go from here? I am also running php 5.6(not sure if this is creating issue when using the older library)
Comment #4
benjmarr CreditAttribution: benjmarr as a volunteer commentedComment #5
torgosPizzaInteresting, perhaps there's something wrong in version 1.18? That'd be my first guess, however we are using it in production and haven't had any trouble.
Let me do some digging - it would be worth making the module compatible with v2 and 3 of the API library, and it's possible that changes which were made in recent versions just need to be backported, or the module itself updated.
Comment #6
benjmarr CreditAttribution: benjmarr as a volunteer commented@torgosPizza
Thanks for looking into it! I tried rolling back to php5.4 as well with no success. I also tried an old stripe account and had the same issue.
Comment #7
plato1123 CreditAttribution: plato1123 commentedI was getting this error (under UBERCART, sorry Commerce guys, stumbled across this post) with the 3.13 version of the library. When I rolled back to 2.2.0 version of the library the error went away. Some sort of incompatibility with older versions of Curl (7.24) I guess?
Comment #8
pdesai CreditAttribution: pdesai commentedWe just created a Drupal Commerce site and are using this Stripe module and receiving this error too.
Comment #9
torgosPizza@pdesai: Can you confirm you're using version 1.18 of the Stripe-PHP Library, and your server's installation of SSL meets the requirements for Stripe?
I'll try to do some more thorough testing ASAP.
Comment #10
pdesai CreditAttribution: pdesai commentedYes I'm using 1.18 and using updated server settings as per Stripe. Also tried using PHP 7 vs 5.4 and neither worked.
Comment #11
torgosPizzaI have just tried on our server using PHP 7 and Library version 1.18 and was able to connect without any issue.
I truly believe this is a server configuration problem, as @plato1123 mentioned it could be related to older versions of cURL.
One thing I would recommend everyone experiencing this issue do, is visit the SSL test here: https://cryptoreport.geotrust.com/checker/ and enter your site's domain name. You'll want to make sure you support TLS 1.2, and if it's not enabled, contact your host.
If those protocols do show up as enabled then it could be something else, but at this time I'm still unable to reproduce the issue.
That being said, I have plans to shore up our Library compatibility so that we're compatible with v3.
Lastly: I also reached out to Stripe engineers to see if they have any other suggestions to try and figure out what else might cause you to see these errors, assuming your server is indeed meeting all of the proper requirements.
Comment #12
pdesai CreditAttribution: pdesai commentedThanks for jumping on this. I had updated cURL as Stripe suggested on their site before posting. Here is what was updated earlier:
Downloading Packages:
(1/4): curl-7.19.7-52.el6.x86_64.rpm | 197 kB 00:00
(2/4): libcurl-7.19.7-52.el6.x86_64.rpm | 169 kB 00:00
(3/4): openssl-1.0.1e-48.el6_8.3.x86_64.rpm | 1.5 MB 00:00
(4/4): openssl-devel-1.0.1e-48.el6_8.3.x86_64.rpm | 1.2 MB 00:00
We may have found our issue, our server is running Apache 2.2.15 and TLSv1.2 was supported until Apache 2.2.3. Going to move this site to CentOS 7 running Apache 2.4 and give it a shot.
Comment #13
benjmarr CreditAttribution: benjmarr as a volunteer commentedIm on the following with the issue remaining-
curl- 7.29.0
libcurl- 7.29.0
openssl- 1.0.1e
apache-2.4
paste from cryptoreport @torgosPizza
Server configuration
Host name:
----
Server type:
nginx
IP address:
----
Port number:
443
Protocols enabled:
TLS1.2
TLS1.1
TLS1.0
Protocols not enabled:
SSLv3
SSLv2
Secure Renegotiation:
Enabled
Downgrade attack prevention:
Enabled
Next Protocol Negotiation:
Enabled
Session resumption (caching):
Enabled
Session resumption (tickets):
Enabled
Strict Transport Security (HSTS):
Not Enabled
SSL/TLS compression:
Not Enabled
Heartbeat (extension):
Enabled
RC4:
Not Enabled
OCSP stapling:
Not Enabled
Comment #14
torgosPizza@brandercreative: That is interesting. I still haven't heard back from Stripe yet, but I'm hoping they can shed a bit of light on this. Remember that, at least according to their blog post linked above:
Were you also able to use the PHP test snippet from Stripe? Here it is below, modified for our usage (be sure and use your actual test key):
If that fails, would it be possible for you contact your hosting support and ask them about any additional packages that may require updating?
Any additional information would be helpful since again, I'm unable to reproduce this in any capacity currently. Thanks for the help!
Comment #15
torgosPizzaHere is an issue in the PHP Library for Stripe that might help, too. I don't believe the TLS version is being specified in the Library itself, but it is possible that your server is configured to use a specific version rather than "the highest one available." https://github.com/stripe/stripe-php/issues/301
Here is the PR where they changed this: https://github.com/stripe/stripe-php/pull/299
An issue around how to test cURL: https://github.com/stripe/stripe-php/issues/290
Information on using TLS 1.2 with the 1.x version of the Library (which should work as long as your packages are not interacting in a conflicting way): https://github.com/stripe/stripe-php/issues/288
Hopefully these will help in our quest :)
Comment #16
torgosPizzaMarking as a support request. I'm confident this is a server config issue; please reopen if you find Stripe Library does play a part in it.
Comment #17
pdesai CreditAttribution: pdesai commentedFew things - we disabled TLS v1.0 and 1.1 on our server and also disabled selinux (not sure if that was related).
Comment #18
rcodina CreditAttribution: rcodina commentedSome links to read carefully to solve this problem:
https://stripe.com/blog/upgrading-tls
https://support.stripe.com/questions/how-do-i-upgrade-my-stripe-integrat...
https://support.stripe.com/questions/how-do-i-upgrade-my-stripe-integrat...
https://github.com/stripe/stripe-php/issues/275
From last link, I found a comment that says you need at least curl 7.34.0 which is the first one to support TLS > 1.0. See here:
https://curl.haxx.se/changes.html#7_34_0
Also, make sure to have a recent openssl version. Once you have updated CURL and openssl, do the test that @torgosPizza suggested on #14 to see if your system is fine to communicate via TLS 1.2.