A Reminder to All Sitefinity eCommerce Sites using UPS Shipping Carrier

So you have a Sitefinity eCommerce site in US and most probably you use UPS as a shipping carrier. An important change is coming to the UPS APIs on May 31, 2016 they are removing the support for protocols less than TLS 1.2.

This is from UPS Data Security Upgrade article:

UPS Internet Shipping and ups.com
Effective May 31, 2016, UPS will require the TLS 1.2 security protocol for all web-based applications, including UPS® Internet Shipping and ups.com®. After that date, any communication requests submitted to UPS using older protocols (TLS 1.1 or earlier) will fail.

How does this affect you?

Sitefinity's built-in UPS Shipping provider sends a request to the UPS API via this method: GetServiceRates(IShippingRequest shippingDataInput) to get the shipping rates. 

After May 31 that request will fail because Sitefinity does not support TLS 1.2.

As a result, on Checkout you will get some of the following exceptions:

Message: System.Net.WebException: The underlying connection was closed: An unexpected error occurred on a send. ---> System.IO.IOException: Received an unexpected EOF or 0 bytes from the transport stream.
   at System.Net.FixedSizeReader.ReadPacket(Byte[] buffer, Int32 offset, Int32 count)
   at System.Net.Security.SslState.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.ForceAuthentication(Boolean receiveFirst, Byte[] buffer, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.ProcessAuthentication(LazyAsyncResult lazyResult)
   at System.Threading.ExecutionContext.runTryCode(Object userData)
   at System.Runtime.CompilerServices.RuntimeHelpers.ExecuteCodeWithGuaranteedCleanup(TryCode code, CleanupCode backoutCode, Object userData)
   at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean ignoreSyncCtx)
   at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state)
   at System.Net.TlsStream.ProcessAuthentication(LazyAsyncResult result)
   at System.Net.TlsStream.Write(Byte[] buffer, Int32 offset, Int32 size)
   at System.Net.PooledStream.Write(Byte[] buffer, Int32 offset, Int32 size)
   at System.Net.ConnectStream.WriteHeaders(Boolean async)
   --- End of inner exception stack trace ---
   at System.Web.Services.Protocols.WebClientProtocol.GetWebResponse(WebRequest request)
   at System.Web.Services.Protocols.HttpWebClientProtocol.GetWebResponse(WebRequest request)
   at System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String methodName, Object[] parameters)
   at Telerik.Sitefinity.Modules.Ecommerce.Shipping.Carriers.UPS.RateService.ProcessRate(RateRequest RateRequest)
   at Telerik.Sitefinity.Modules.Ecommerce.Shipping.Carriers.Providers.UPSProvider.GetServiceRates(IShippingRequest shippingDataInput)


OR

Message: System.Net.WebException: The request was aborted: Could not create SSL/TLS secure channel.
   at System.Web.Services.Protocols.WebClientProtocol.GetWebResponse(WebRequest request)
   at System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String methodName, Object[] parameters)
   at Telerik.Sitefinity.Modules.Ecommerce.Shipping.Carriers.UPS.RateService.ProcessRate(RateRequest RateRequest)
   at Telerik.Sitefinity.Modules.Ecommerce.Shipping.Carriers.Providers.UPSProvider.GetServiceRates(IShippingRequest shippingDataInput)

Am I affected?

You can easily see if you are affected if you switch to the TEST URL of the UPS API which is this: https://wwwcie.ups.com/webservices/Rate

Because the UPS Test environment is already updated with the new changes, since 7-March-2016 it does not support TLS 1.1 and below, so once you switch to that URL you will start seeing the problems at checkout. 

Solution

I found a simple solution in the Sitefinity Knowledge Base database - it was related to a similar problem with Paypal payments and can be applied here as well:
Add this to the Global.asax.cs file in your project:

There is one caveat with the solution above though - the above SecurityProtocolType options are available in .NET 4.5 and above. In .NET 4.0 you have only the first 2 options. So, you will need to upgrade your project first to .NET 4.5, rebuild and then test.

UPDATE: For .NET 4.0 you can try this code - it works fine for me: