UPS Tech Alert

[Belaird]

Does this UPS security alert have have impact on the built-in UPS module?
Security Upgrade Required for UPS® Developer Kit APIs

Action is Required

UPS is in the process of upgrading communication security protocols for all web-based applications, including UPS Developer Kit Application Programming Interfaces (APIs), which are used to integrate UPS functionality into your website and applications.

Effective January 26, 2016, the UPS test environment will require the TLS 1.2 security protocol, and will be available for your system testing.

Effective May 31, 2016, UPS will require the TLS 1.2 security protocol in production. After that date, any communication requests submitted to UPS using older protocols (TLS 1.1 or earlier) will fail.

NOTE: From January 19 through May 31, 2016, you may see intermittent failures for any non-compliant transactions.

Please contact your company's IT department or your development team to ensure that any security protocols currently used meet the TLS 1.2 requirement. If you have Java enabled, you must be using version 1.7 or higher to use TLS 1.2.

[kobra]

This should be controlled by your hosts setup for SSL communications

[lat9]

You can use this (https://www.ssllabs.com/ssltest/) link to check your site's current configuration and see if the TLS 1.2 protocol is supported.

... and you should really be looking to upgrade your cart, if you're still on Zen Cart v1.3.9h.

[Belaird]

Thanks for the info I pass those tests with an A-. But I was just concerned if this was similar to the changes made to Paypal/Curl code to address TLS.