by Vesselin Vassilev
Posted On Mar 8, 2016
UPS Internet Shipping and ups.com
Effective May 31, 2016, UPS will require the TLS 1.2 security protocol for all web-based applications, including UPSĀ® Internet Shipping and ups.comĀ®. After that date, any communication requests submitted to UPS using older protocols (TLS 1.1 or earlier) will fail.
Sitefinity's built-in UPS Shipping provider sends a request to the UPS API via this method: GetServiceRates(IShippingRequest shippingDataInput) to get the shipping rates.
After May 31 that request will fail because Sitefinity does not support TLS 1.2.
As a result, on Checkout you will get some of the following exceptions:
Message: System.Net.WebException: The underlying connection was closed: An unexpected error occurred on a send. ---> System.IO.IOException: Received an unexpected EOF or 0 bytes from the transport stream.
at System.Net.FixedSizeReader.ReadPacket(Byte[] buffer, Int32 offset, Int32 count)
at System.Net.Security.SslState.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.ForceAuthentication(Boolean receiveFirst, Byte[] buffer, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.ProcessAuthentication(LazyAsyncResult lazyResult)
at System.Threading.ExecutionContext.runTryCode(Object userData)
at System.Runtime.CompilerServices.RuntimeHelpers.ExecuteCodeWithGuaranteedCleanup(TryCode code, CleanupCode backoutCode, Object userData)
at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean ignoreSyncCtx)
at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state)
at System.Net.TlsStream.ProcessAuthentication(LazyAsyncResult result)
at System.Net.TlsStream.Write(Byte[] buffer, Int32 offset, Int32 size)
at System.Net.PooledStream.Write(Byte[] buffer, Int32 offset, Int32 size)
at System.Net.ConnectStream.WriteHeaders(Boolean async)
--- End of inner exception stack trace ---
at System.Web.Services.Protocols.WebClientProtocol.GetWebResponse(WebRequest request)
at System.Web.Services.Protocols.HttpWebClientProtocol.GetWebResponse(WebRequest request)
at System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String methodName, Object[] parameters)
at Telerik.Sitefinity.Modules.Ecommerce.Shipping.Carriers.UPS.RateService.ProcessRate(RateRequest RateRequest)
at Telerik.Sitefinity.Modules.Ecommerce.Shipping.Carriers.Providers.UPSProvider.GetServiceRates(IShippingRequest shippingDataInput)
OR
Message: System.Net.WebException: The request was aborted: Could not create SSL/TLS secure channel.
at System.Web.Services.Protocols.WebClientProtocol.GetWebResponse(WebRequest request)
at System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String methodName, Object[] parameters)
at Telerik.Sitefinity.Modules.Ecommerce.Shipping.Carriers.UPS.RateService.ProcessRate(RateRequest RateRequest)
at Telerik.Sitefinity.Modules.Ecommerce.Shipping.Carriers.Providers.UPSProvider.GetServiceRates(IShippingRequest shippingDataInput)
You can easily see if you are affected if you switch to the TEST URL of the UPS API which is this: https://wwwcie.ups.com/webservices/Rate
Because the UPS Test environment is already updated with the new changes, since 7-March-2016 it does not support TLS 1.1 and below, so once you switch to that URL you will start seeing the problems at checkout.
I found a simple solution in the Sitefinity Knowledge Base database - it was related to a similar problem with Paypal payments and can be applied here as well:
Add this to the Global.asax.cs file in your project:
There is one caveat with the solution above though - the above SecurityProtocolType options are available in .NET 4.5 and above. In .NET 4.0 you have only the first 2 options. So, you will need to upgrade your project first to .NET 4.5, rebuild and then test.
UPDATE: For .NET 4.0 you can try this code - it works fine for me:
ServicePointManager.SecurityProtocol = SecurityProtocolType.Ssl3
| SecurityProtocolType.Tls
| (SecurityProtocolType)768
// Tls11
| (SecurityProtocolType)3072;
//System.Net.SecurityProtocolType.Tls12;