Cloudflare and Worldpay issue

#1

Since enabling Cloudflare we are getting Worldpay Call Back failures.

Does anyone know how to resolve this please?

Error like this

Our systems have detected that your callback has failed.

This callback failure means we were unable to pass information
to your server about the following transaction:

Transaction ID: #########
Cart ID: wc_order_############################
Installation ID: #################

Error reported: Callback to: https://www.########################.com/wc-api/WC_Gateway_WorldPay_Form: failed CAUSED BY Received fatal alert: handshake_failure
Server Reference: ukdc1-pz-pay07:callbackFailureEmail-9889:MerchReq-929-54

Many thanks

#2

These requests most likely got blocked by Cloudflare. As a first try you can whitelist the IP address where the request comes from.

#3

I am not seeing anything related to Worldpay blocked in the Cloudflare firewall event log which I thought I would if this was the case?

Many thanks

#4

That's a good point, the error message would actually rather hint at an SSL issue than an active block. Do all these requests fail or just some? What is your chosen TLS version in your Cloudflare control panel?

#5

SSL is set to Full (Strict). Setting advised by hosting company.
TLS Minimum is set to TLS 1.0
TLS 1.3 Enabled

#6

These settings generally sound all right. You could try to disable 1.3 altogether and check if that makes a difference, but in theory it shouldn't.

Again, how often do these handshake errors occur?

#7

This is a related question with some workarounds.

#8

Are you referring to these comments? Happy to try them, but the user on the thread has finished off saying their issue was still not resolved.

The solution does make sense providing the user still gets redirected back to the main site.

I worked around the worldpay restriction with the following steps:

  1. Create new worldpay subdomain for the affected domain e.g. worldpay.example.com
  2. Secure worldpay.example.com with a free certificate from https://letsencrypt.org/ (it’s just a tick box during subdomain creation in Plesk 17)
  3. Move callback script for affected domain from its current location to the new worldpay subdomain. e.g. from example.com/cb.php to worldpay.example.com/cb.php
  4. Create new worldpay CNAME entry in Cloudflare DNS page for the affected domain and turn the cloud off for the new CNAME
  5. Login to Worldpay admin interface and update the Payment Response URL for the affected installation to match the new URL you set up at step 3
  6. Test!

Now the worldpay system sends its callback POST to worldpay.example.com/cb.php which Cloudflare sends directly to the server (rather than processing it with its SNI cert) and as long as the server has a valid cert installed from e.g. Let’s Encrypt, it works. No more handshake_failure messages

#9

That was a different user, the OP appears to have got it fixed that way.

#10

My link points to post 15 which you rewrote here. Nice to hear you solved the issue.

#11

Sorry I misinterpreted that. Looking to test the fix as soon as possible.

As we're using a Worldpay plugin with WordPress, just doing some additional checks to ensure we can make this fix work.

Thanks for all the advice everyone, will report back shortly.
