Thursday, 23 October 2014

PayPal sandbox SSL exception & SSL 3.0 Protocol Vulnerability

Problem

The connection to the PayPal sandbox broke on/after 13th of October, and the PayPal core Java client threw the SSL exception below.

Caused by: javax.net.ssl.SSLException: Unsupported record version Unknown-0.0
                at com.ibm.jsse2.b.b(b.java:102)
                at com.ibm.jsse2.b.a(b.java:212)
                at com.ibm.jsse2.SSLSocketImpl.a(SSLSocketImpl.java:814)
                at com.ibm.jsse2.SSLSocketImpl.h(SSLSocketImpl.java:704)
                at com.ibm.jsse2.SSLSocketImpl.a(SSLSocketImpl.java:12)
                at com.ibm.jsse2.SSLSocketImpl.startHandshake(SSLSocketImpl.java:498)
                at com.ibm.net.ssl.www2.protocol.https.c.afterConnect(c.java:59)
                at com.ibm.net.ssl.www2.protocol.https.d.connect(d.java:31)
                at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1195)
                at java.net.HttpURLConnection.getResponseCode(HttpURLConnection.java:379)
                at com.ibm.net.ssl.www2.protocol.https.b.getResponseCode(b.java:91)
                at com.paypal.core.HttpConnection.execute(HttpConnection.java:93)
                at com.paypal.core.APIService.makeRequestUsing(APIService.java:176)
                at com.paypal.core.BaseService.call(BaseService.java:258)
                at urn.ebay.api.PayPalAPI.PayPalAPIInterfaceServiceService.setExpressCheckout(PayPalAPIInterfaceServiceService.java:2196)
                at urn.ebay.api.PayPalAPI.PayPalAPIInterfaceServiceService.setExpressCheckout(PayPalAPIInterfaceServiceService.java:2148)

Fix

The PayPal sandbox was updated on/around 13th of October to disable SSLv3 and enable TLS instead, in response to the POODLE security vulnerability. This change on their side requires replacing the PayPal client jars with the latest versions, especially paypal-core, which needs to be at least version 1.6.4 because it has the necessary code change to initialize a TLS connection.

To prepare a fix, build new jars from the PayPal GitHub links provided below:

PayPal SDK Core Java
PayPal Merchant SDK Java

For quick testing, you can use the two jars below, which I built myself:

Download PayPal Merchant SDK
Download PayPal SDK Core Java

Remarks

  • The issues above were encountered while using the PayPal Merchant SDK, and I don't know if their newer library (REST SDK) had a similar issue or not

Warning!

  • The jars provided above are for quick testing only and for use in a non-live test environment
  • Never deploy a payment-related jar from an untrusted source (like myself). Once you are sure the jars fix your problem, please contact PayPal to prepare a new jar for you, or do it yourself and build their code available on GitHub.


