error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure(35)

Solution 1:

openssl s_client does a better job of explaining what's going on here since it gives whether it's receiving or sending these messages. api.paypal.com is requesting a specific client certificate (this is the * SSLv3, TLS handshake, Request CERT (13) line curl is printing) and you're sending the wrong (or no) certificate, so your connection fails:

SSL_connect:before/connect initialization
SSL_connect:SSLv2/v3 write client hello A
SSL_connect:SSLv3 read server hello A
SSL_connect:SSLv3 read server certificate A
SSL_connect:SSLv3 read server certificate request A
SSL_connect:SSLv3 read server done A
SSL_connect:SSLv3 write client certificate A
SSL_connect:SSLv3 write client key exchange A
SSL_connect:SSLv3 write change cipher spec A
SSL_connect:SSLv3 write finished A
SSL_connect:SSLv3 flush data
SSL3 alert read:fatal:handshake failure
SSL_connect:failed in SSLv3 read finished A
6016:error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure:s3_pkt.c:1086:SSL alert number 40
6016:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:s23_lib.c:188:

Googling for paypal api info, it appears that you'll need to request a client certificate for the API. They also have a username/password "signature" option, but this option uses a completely different server. If you have these, then configuring your cart software to use them is an issue to take up with the cart developer. If you are the developer and you have a certificate, see the --cert, --cert-type, --key, and --key-type flags to curl to configure the cert and private key curl uses.