UPS Security Upgrade for Developer Kit APIs

Tourist
30 0 1

Hello Shopify, 
I received this message from UPS today:
"
Security Upgrade Required for UPS® Developer Kit APIs

Action is Required

UPS is in the process of upgrading communication security protocols for all web-based applications, including UPS Developer Kit Application Programming Interfaces (APIs), which are used to integrate UPS functionality into your website and applications.

Effective May 31, 2016, UPS will require the TLS 1.2 security protocol. After that date, any communication requests submitted to UPS using older protocols (TLS 1.1 or earlier) will fail.

Please contact your company's IT department or your development team to ensure that any security protocols currently used meet the TLS 1.2 requirement. If you have Java enabled, you must be using version 1.7 or higher to use TLS 1.2. 
"

I am a website designer for 4 ecommerce clients that will be affected by this (mditruck.comtracey-packaging.myshopify.comindependentfieldservice.com, and shop.sbsm.com).

What action do I need to take for this upgrade? What action do my clients need to take?

Thank you for any help you can provide in this!

Karina

0 Likes
Tourist
30 0 1

Bump

0 Likes
New Member
1 0 0

We've received the same message from UPS and while I'm guessing necessary updates regarding TLS will be handled by Shopify any confirmation/direction from Shopify would be appreciated.

Thanks,

Nate

0 Likes
Tourist
30 0 1

Bump

0 Likes
Tourist
30 0 1

Bump

0 Likes
Tourist
30 0 1

BUMP - anyone have anything on this?

0 Likes
New Member
4 0 0

We've also received this message from UPS and would like to see a confirmation/response from Shopify as to their actions regarding this topic.

Thanks,

Eric

0 Likes
Tourist
30 0 1

Shopify,

I received this today. Do I need to be concerned about this or not?

::


Security Upgrade Required for UPS® Developer Kit APIs

Action is Required


UPS is in the process of upgrading communication security protocols for all web-based applications, including UPS Developer Kit Application Programming Interfaces (APIs), which are used to integrate UPS functionality into your website and applications.

Effective January 26, 2016, the UPS test environment will require the TLS 1.2 security protocol, and will be available for your system testing. 

Effective May 31, 2016, UPS will require the TLS 1.2 security protocol in production. After that date, any communication requests submitted to UPS using older protocols (TLS 1.1 or earlier) will fail. 

NOTE: From January 19 through May 31, 2016, you may see intermittent failures for any non-compliant transactions. 

Please contact your company's IT department or your development team to ensure that any security protocols currently used meet the TLS 1.2 requirement. If you have Java enabled, you must be using version 1.7 or higher to use TLS 1.2. 

0 Likes
Tourist
30 0 1

I got an answer! I emailed Shopify and this is what they said:

Trevor Ernst (Shopify)

Jan 19, 15:15

Hi Karina,

I am Trevor and I am a Guru here at Shopify! :-)

No worries I am happy to help you out with this!

I did some digging into this and this is what I could find.

Shopify uses TLS 1.2 for everything so Shopify is set up to prevent any issues so no worries!

I hope this clears things up!

Trevor 
Shopify Guru

0 Likes
Highlighted
Tourist
212 0 3

Shopify has the most updated TLS which is 1.3 implemented right now. You do not need to worry about inconsistencies due to this issue. I have heard TLS 1.3 vastly improves Privacy and performance of secure web communications. In addition, apps like Multi carrier shipping label app are also compatible with the latest TLS if you are planning to use one.

0 Likes