Bug #101792 for Net-UPS: Does Net::UPS support TLS 1.0 as required by 1st March 2015?

Wed Jan 28 09:06:56 2015 phill.taylor [...] net-a-porter.com - Ticket created

Subject:	Does Net::UPS support TLS 1.0 as required by 1st March 2015?
Date:	Wed, 28 Jan 2015 14:06:38 +0000
To:	"bug-Net-UPS [...] rt.cpan.org" <bug-Net-UPS [...] rt.cpan.org>
From:	Phill Taylor <phill.taylor [...] net-a-porter.com>

UPS have reported that all apps must communicate with its servers using TLS as of the 1st March. See here: http://links4.upsemail.com/servlet/MailView?ms=NDc4NjQ2MTMS1&r=MTIzNjY1MTU3NjMwS0&j=NjAzMDk3MDczS0&mt=1&rt=0 There don't appear to be any options on this CPAN module to specify whether TLS is on/off leading me to suspect it isn't supported and thus will stop working in March. Can you confirm if users of this module will be affected please? Thanks Phill Full text of link above: " Security Upgrade Required for UPS® Web-Based Applications UPS is in the process of upgrading communication security protocols for all web-based applications. This will require you to ensure that you are using security protocols of TLS 1.0 or higher. Applications affected by the upgrade include the UPS® Developer Kit Application Programming Interfaces (APIs), which are used to integrate UPS functionality into your website and applications. Beginning March 1, 2015, UPS will only accept communication security protocols of TLS 1.0 or higher. Any requests submitted to UPS using older protocols (SSLv3 or older) will fail as of this date. Please contact your company's IT department or your development team to ensure that any security protocols currently used meet the TLS 1.0 or higher requirement. Your ability to use the UPS Developer Kit APIs in your business without interruption is important to us. If you have any technical questions or concerns, please submit your question through the UPS technical support form. " Thank you for your support Phill NET-A-PORTER.COM CONFIDENTIALITY NOTICE The information in this email is confidential and is intended solely for the addressee. Access to this email by anyone else is unauthorised. If you are not the intended recipient, you must not read, use or disseminate the information. Any views expressed in this message are those of the individual sender, except where the sender specifically states them to be the views of Net-A-Porter Group Limited. The Net-A-Porter Group Limited is a company registered in England & Wales Number: 3820604 Registered Office: 1 The Village Offices, Westfield, Ariel Way, London, W12 7GF

Wed Jan 28 09:41:39 2015 dakkar [...] thenautilus.net - Correspondence added

Subject:	Re: [rt.cpan.org #101792] Does Net::UPS support TLS 1.0 as required by 1st March 2015?
Date:	Wed, 28 Jan 2015 14:41:26 +0000
To:	"Phill Taylor via RT" <bug-Net-UPS [...] rt.cpan.org>
From:	Gianni Ceccarelli <dakkar [...] thenautilus.net>

Technically, Net::UPS does not have to support anything, since it depends on LWP or Net::Async::HTTP for the actual connections, and those depend on IO::Socket::SSL and SSLeay for the SSL/TLS implementation. I just double-checked, by starting a Apache server that only accepts TLS 1.0 and later, and both LWP and Net::Async::HTTP connected without problems. Short version: no need to worry, it will all just work. Thanks for the report. -- Dakkar - <Mobilis in mobile> GPG public key fingerprint = A071 E618 DD2C 5901 9574 6FE2 40EA 9883 7519 3F88 key id = 0x75193F88 Therefore in chariot fighting, when ten or more chariots have been taken, those should be rewarded who took the first. Our own flags should be substituted for those of the enemy, and the chariots mingled and used in conjunction with ours. The captured soldiers should be kindly treated and kept. --The Art of War by Sun Tzu Chapter II: Waging War

Download (untitled)
application/pgp-signature 181b

Message body not shown because it is not plain text.

Wed Jan 28 09:41:39 2015 The RT System itself - Status changed from 'new' to 'open'

Wed Jan 28 09:43:22 2015 DAKKAR [...] cpan.org - Status changed from 'open' to 'resolved'