M1 - TLS 1.2 - PayPal Express NVP CURL connection error #35: SSL connect error

We had this same problem and just fixed it by updating the curl library from 7.19 to 7.40..

Run the following command: curl -v -s https://api-3t.sandbox.paypal.com/nvp

If you get an SSL Connect error you have same problem we had.

You can use the following link (response #3) for instructions on how to do this curl library update: https://stackoverflow.com/questions/28495444/how-to-upgrade-php-curl-to-version-7-36-0

We also tried a hack and it worked but we were not happy with a temporary solution.

I hope this information helps you out.

I also encountered this error today. Adding the following to app/code/core/Mage/Paypal/Model/Api/Nvp.php around line 945 is at least making the change in the Paypal Nvp module instead of the libraries.

 try {
        $http = new Varien_Http_Adapter_Curl();

+       $http->addOptions(array(CURLOPT_SSLVERSION => 6));

According to the curl constants manual page, you can also use the constant CURL_SSLVERSION_TLSv1_2 instead of 6 if you have a PHP version >= 5.5.19 or 5.6.3.

The sandbox did indeed change in the past week to only accept TLS 1.2. From my tests, TLS 1.2 will kick in automatically if you're using PHP 5.5.19+ and a sufficiently recent curl version (I'm using 7.29). You also need OpenSSL 1.0.1+.

Since we're still running 5.3 we've had to add the same hack to the core as well, but since Magento still claim support for 5.3 we can probably expect an official solution soon (especially since these changes will also hit Paypal production systems in June).

Reference: https://devblog.paypal.com/upcoming-security-changes-notice/