setExpressCheckout and SSL/TLS error

Question

I\'m trying to develop a simple application that will enable users to purchase services off a website through the Paypal API. This application is running on ASP.NET with C#.

Answer 1

Thanks a lot that really helps me.

For reference here is my code for establishing the interface in VB.NET

  'Create a service Binding in code
                            Dim ppEndpointAddress As New System.ServiceModel.EndpointAddress("https://api-3t.sandbox.paypal.com/2.0/")
                            Dim ppBinding As New System.ServiceModel.BasicHttpBinding(System.ServiceModel.BasicHttpSecurityMode.Transport)

                            Dim ppIface As New PayPalAPI.PayPalAPIAAInterfaceClient(ppBinding, ppEndpointAddress)

                            Dim ppPaymentReq As New PayPalAPI.DoDirectPaymentReq()

                            ppPaymentReq.DoDirectPaymentRequest = ppRequest

Answer 2

You're probably connecting to api.paypal.com or api.sandbox.paypal.com, and not sending along your API certificate. The API certificate is a client SSL certificate used to complete the SSL chain.

If you don't have or are not using an API certificate, you should connect to api-3t.paypal.com or api-3t.sandbox.paypal.com for Live or Sandbox respectively.

Answer 3

I've been working with a PayPal (NVP/Signature) Express Checkout integration and have been hit with this SSL/TLS error.

Nothing I did seemed to get around it but then I found the following code to add above my request. For reference, I'm using MVC3/.NET 4 so Tls1.2 isn't available to me by default (like in .NET 4.5 +). This first three lines of this code gets around that. I hope it helps people!

ServicePointManager.Expect100Continue = true;
ServicePointManager.SecurityProtocol = (SecurityProtocolType)3072;
ServicePointManager.DefaultConnectionLimit = 9999;

var url = "https://[paypal-api-url]/nvp";
var uri = new Uri(url);
var request = WebRequest.Create(uri);
var encoding = new UTF8Encoding();
var requestData = encoding.GetBytes(data);

request.ContentType = "application/x-www-form-urlencoded";
request.Method = "POST";
request.Timeout = (300 * 1000); 
request.ContentLength = requestData.Length;

using (var stream = request.GetRequestStream())
{
    stream.Write(requestData, 0, requestData.Length);
}

var response = request.GetResponse();
...

Answer 4

Since early 2016, Paypal started requiring TLS 1.2 protocol for communications in the Sandbox, and will enforce it for the live environment starting June 17. See here for reference.

In most .NET applications TLS 1.2 will come disabled by default, and therefore you'll need to enable it.

You need to add the following line, for example, at the beginning of you Application_Start method:

public class Site : HttpApplication
{
    protected void Application_Start()
    {
        ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;
        // other configuration
    }
}