PayPal Community

jibboo · ‎Apr-07-2018

I have been using PayFlowPro for over 10 years. Recently (maybe 6 months or so) I have been unable to test any changes when submitting transactions to the test server (pilot-payflowpro.paypal.com). This is code that I haven't changed in probably 3 or 4 years. Strangely, if I switch the transaction to the live server everything works as expected. This is only occurring no the test server.

Response Message:

Failed to connect to host Input Server Uri = https://pilot-payflowpro.paypal.com/

Here is the full response:

RESULT=-1&RESPMSG=Failed to connect to host Input Server Uri = https://pilot-payflowpro.paypal.com/

I thought maybe the Pilot url might have changed ... but as I'm reading all the latest news about TLS1.1 being discontinued; I see the pilot-payflowpro.paypa.com link is indeed still being used ... does anyone have any idea?

jibboo · ‎May-24-2018

Thanks for asking ... actually I hadn't tried the test server (pilot-payflowpro) in quite a while. I just ran a test transaction and it went through. I'm guessing this is due to some recent server updates I made; forcing Windows Server to use/deny certain protocols.

Paypal emailed me regarding their PayFlowPro requiring TLS 1.2 to transmit ... I ran some tests on my server to check the SSL and make sure I supported TLS 1.2. Which led me to updating the protocols due to the security results from SSL test.

You can test your server by plugging in your domain here: https://www.ssllabs.com/ssltest/

Here's my current results (which I'm guessing lead to pilot-payflowpro.paypal.com working like it used to):

Protocols
TLS 1.3	No
TLS 1.2	Yes
TLS 1.1	No
TLS 1.0	No
SSL 3	No
SSL 2	No

IF you are running on Windows I can probably direct you to some resources instructing how to enable/disable the different protocols. I manually edited the registry entries in HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols

View solution in original post

sanmen1593 · ‎May-24-2018

Any update on this? I am receiving that error from production too now.

jibboo · ‎May-24-2018

Thanks for asking ... actually I hadn't tried the test server (pilot-payflowpro) in quite a while. I just ran a test transaction and it went through. I'm guessing this is due to some recent server updates I made; forcing Windows Server to use/deny certain protocols.

Paypal emailed me regarding their PayFlowPro requiring TLS 1.2 to transmit ... I ran some tests on my server to check the SSL and make sure I supported TLS 1.2. Which led me to updating the protocols due to the security results from SSL test.

You can test your server by plugging in your domain here: https://www.ssllabs.com/ssltest/

Here's my current results (which I'm guessing lead to pilot-payflowpro.paypal.com working like it used to):

Protocols
TLS 1.3	No
TLS 1.2	Yes
TLS 1.1	No
TLS 1.0	No
SSL 3	No
SSL 2	No

IF you are running on Windows I can probably direct you to some resources instructing how to enable/disable the different protocols. I manually edited the registry entries in HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols

jibboo · ‎May-24-2018

Looking at my config ... I'm wondering if explicitly disabling TLS 1.0 is what caused it to work ... since TLS 1.0 is considered insecure now ... maybe it was using that by default.

SiddSubedi · ‎Oct-03-2018

tried that ..didn't work by just enabling TLS1.2 and disabling all other protocols. What else do you suggest??

i am still getting the error "Failed to connect to host Input Server Uri = https://pilot-payflowpro.paypal.com/".

EvelynT · ‎Feb-26-2020

could you fix it?
I have the same error

jibboo · ‎Jul-17-2020

Here is my Windows registry ... granularly setting each protocol for TLS 1.0 / 1.1 / 1.2 and SSL 2 / 3

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\Multi-Protocol Unified Hello]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\Multi-Protocol Unified Hello\Client]
"Enabled"=dword:00000000
"DisabledByDefault"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\Multi-Protocol Unified Hello\Server]
"Enabled"=dword:00000000
"DisabledByDefault"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\PCT 1.0]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\PCT 1.0\Client]
"Enabled"=dword:00000000
"DisabledByDefault"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\PCT 1.0\Server]
"Enabled"=dword:00000000
"DisabledByDefault"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Client]
"DisabledByDefault"=dword:00000001
"Enabled"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Server]
"Enabled"=dword:00000000
"DisabledByDefault"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Client]
"Enabled"=dword:00000000
"DisabledByDefault"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Server]
"Enabled"=dword:00000000
"DisabledByDefault"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Client]
"Enabled"=dword:00000000
"DisabledByDefault"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Server]
"Enabled"=dword:00000000
"DisabledByDefault"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Client]
"Enabled"=dword:ffffffff
"DisabledByDefault"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Server]
"Enabled"=dword:00000000
"DisabledByDefault"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client]
"DisabledByDefault"=dword:00000000
"Enabled"=dword:ffffffff

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server]
"DisabledByDefault"=dword:00000000
"Enabled"=dword:ffffffff

registry screenshot TLS 1.0registry screenshot TLS 1.2

jibboo · ‎Jul-18-2020

if using .Net as your programming platform, you may need to force it to use TLS 1.2

C#

using System.Net;

// force legacy PayFlow Pro SDK DLL to use TLS 1.2
System.Net.ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;

VB.Net

Imports System.Net

' --- force legacy PayFlow Pro SDK DLL to use TLS 1.2
System.Net.ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12

PayPal Community

Failed to connect to host Input Server Uri = https://pilot-payflowpro.paypal.com/

Haven't Found your Answer?