Guides & TutorialsTroubleshootingTroubleshooting Payments and CurrenciesTroubleshooting sslv3 alert handshake failure and tlsv1 alert protocol version Errors

Troubleshooting sslv3 alert handshake failure and tlsv1 alert protocol version Errors

Symptom

cURL Error code 35 Unknown SSL protocol, Unsupported SSL protocol, sslv3 alert handshake failure or tlsv1 alert protocol version errors may occur when WHMCS attempts to connect to a remote service like a payment gateway or registrar via a secure connection.

You may also see a Secure TLS Support in cURL warning at Configuration > System Health (Help > System Health Status prior to WHMCS 8.0):

Cause

Your server is attempting a secure connection using the outdated SSL protocol. This is no longer secure: most providers now require connections via the newer TLS 1.2 protocols instead.

For more information, check your provider's documentation:

WHMCS is cryptographic protocol agnostic: we do not specify a particular protocol version when establishing cURL connections to external services. cURL will auto-negotiate the best available cryptographic protocol based on the server configuration and the service.

As a result, any restrictions to the cryptographic protocol WHMCS can use are as a result of the server configuration and not WHMCS itself.

Solution

For help to resolve these errors, contact your server administrator or hosting provider. You must ensure that remote cURL connections use the TLS 1.2 protocol by default rather than the outdated SSL, TLS 1.0, and TLS 1.1 protocols.

To help identify the cause of this error:

  • Update to WHMCS 6.0 or above. We strongly recommend updating to the most recent supported version.
  • Make certain that the WHMCS installation's PHP version is PHP 5.6 or above.
  • Check that the server's cURL version supports the cryptographic protocol that the service uses to CURLOPT_SSLVERSION.
  • Check that the SSL library on your server supports the cryptographic protocol that the service being connected to accepts: ssl-compared.
  • Test your website using a service like ssltest. Make sure your required protocol appears at the top of the list: