
Troubleshooting sslv3 alert handshake failure and tlsv1 alert protocol version Errors

Introduction

cURL Error code 35 Unknown SSL protocol, Unsupported SSL protocol, sslv3 alert handshake failure or tlsv1 alert protocol version errors may occur when WHMCS attempts to connect to a remote service, such as a payment gateway or registrar, via a secure connection.

You may also see a Secure TLS Support in cURL warning at Configuration > System Health (Help > System Health Status prior to WHMCS 8.0):

Your server is attempting a secure connection to using the outdated SSL protocol. As this is no longer secure, most providers now require connections be made using the newer TLS 1.2 protocols instead:

The WHMCS code is cryptographic protocol agnostic: we do not specify a particular protocol version when establishing cURL connections to external services. cURL will auto-negotiate the best available cryptographic protocol based upon the server configuration and the service being connected to.

As a result, any restrictions on the cryptographic protocol WHMCS can use come from the server configuration and not from WHMCS itself.

Troubleshooting

To resolve such errors, you will need to work with your server admin or hosting provider to ensure that remote cURL connections are made using the TLS 1.2 protocol by default, rather than the outdated SSL, TLS 1.0 and TLS 1.1 protocols.

There are a few items which can be checked quickly to help identify the cause of this error:

  • Update to WHMCS 6.0 or above, ideally the current Active Version.
  • Check the version of PHP applied to the WHMCS directory is PHP 5.6 or above.
  • Check that the version of cURL installed on your server is sufficient to support the cryptographic protocol accepted by the service being connected to (see CURLOPT_SSLVERSION).
  • Check that the SSL library installed on your server supports the cryptographic protocol accepted by the service being connected to (see ssl-compared).
  • Test your website using a service such as ssltest. Make sure your required protocol is displayed at the top of the list.
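
One way to carry out the cURL and SSL library checks in the list above, as an added example that is not WHMCS code: the script parses the first line of `curl --version` output and compares it against upstream release thresholds. It assumes the command-line curl and PHP's cURL extension use the same libcurl build; the function names and verdict words are this example's own.

```shell
#!/bin/sh
# Added example: read a `curl --version` banner and report TLS 1.2 readiness.
# Upstream thresholds (distro packages may backport support to older versions):
#   libcurl 7.34.0 - first release with CURL_SSLVERSION_TLSv1_2
#   OpenSSL 1.0.1  - first release with TLS 1.1 and TLS 1.2

# version_ge A B: succeeds when dotted numeric version A >= B
version_ge() {
    a=$1; b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        if [ "${x:-0}" -gt "${y:-0}" ]; then return 0; fi
        if [ "${x:-0}" -lt "${y:-0}" ]; then return 1; fi
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
    done
    return 0
}

# tls12_readiness BANNER: prints one verdict word (names are this example's own)
tls12_readiness() {
    banner=$1
    curl_v=$(printf '%s\n' "$banner" | sed -n 's|.*libcurl/\([0-9][0-9.]*\).*|\1|p')
    ossl_v=$(printf '%s\n' "$banner" | sed -n 's|.*OpenSSL/\([0-9][0-9.]*\).*|\1|p')
    if [ -z "$curl_v" ]; then echo unparsed; return 0; fi
    if ! version_ge "$curl_v" 7.34.0; then echo curl-below-7.34.0; return 0; fi
    # NSS, GnuTLS, LibreSSL etc.: consult that library's own documentation
    if [ -z "$ossl_v" ]; then echo check-ssl-library; return 0; fi
    if ! version_ge "$ossl_v" 1.0.1; then echo openssl-below-1.0.1; return 0; fi
    echo ok
}

# Constructed sample banners, not captured from a real server
SAMPLE_OLD='curl 7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 OpenSSL/0.9.8e zlib/1.2.3'
SAMPLE_NSS='curl 7.47.0 (x86_64-pc-linux-gnu) libcurl/7.47.0 NSS/3.21 zlib/1.2.8'
SAMPLE_OK='curl 7.58.0 (x86_64-pc-linux-gnu) libcurl/7.58.0 OpenSSL/1.1.1 zlib/1.2.11'

for sample in "$SAMPLE_OLD" "$SAMPLE_NSS" "$SAMPLE_OK"; do
    printf '%s -> %s\n' "${sample%% (*}" "$(tls12_readiness "$sample")"
done

# On the server itself: tls12_readiness "$(curl --version)"
```

A verdict other than ok on a distribution package is a prompt to confirm with a real connection test, since vendors backport TLS 1.2 support without changing the upstream version number.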