Will the planned UPS changes affect osCommerce?

osCommerce UPS Shipping

UPS announces changes to its online Tools

Back-End Architectural Change – XML Change 11 July 2009

UPS has re-architected the Rate, Ship and Track XML Tools. They state that the “changes to the underlying architecture should not change the XML interfaces to these tools”.

Digital Certificate Update – SSL V3.0 September 2009

UPS is moving from a single SSL certificate to a chained SSL certificate. Chained SSL certificates require SSL3.0, and this is where the change comes in.
SSL allows client/server applications to communicate in a way that is designed to prevent eavesdropping, tampering, or message forgery. Under SSL V2.0, someone intercepting the initial message can force the server and client to agree to the weakest mutually supported encryption standard in the chain. This is known as a man-in-the-middle (MITM) attack. SSL3.0 reduces the risk of MITM attacks during SSL handshake processing.
SSL V3.0 has been around since 1996 and most servers use it these days.
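
The downgrade described above, and the reason SSL3.0 catches it, can be modelled in a few lines. This is an added example, not code from UPS or osCommerce; the cipher names, the shared secret and the HMAC-SHA256 stand-in for the SSL3.0 Finished hash are constructed for illustration.

```python
import hashlib
import hmac

# Constructed cipher names, strongest first (illustrative, not real suite IDs).
PREFERENCE = ["strong-128", "medium-56", "export-40"]

def server_choose(offered):
    """Server picks the strongest cipher it supports from the offer it received."""
    for cipher in PREFERENCE:
        if cipher in offered:
            return cipher
    raise ValueError("no cipher in common")

def strip_strong(offered):
    """Model of in-transit tampering: only the weakest offered cipher is left."""
    return [max(offered, key=PREFERENCE.index)]

def transcript_mac(secret, hello, chosen):
    """Keyed digest over the handshake, standing in for the SSL3.0 Finished hash."""
    transcript = (",".join(hello) + "|" + chosen).encode()
    return hmac.new(secret, transcript, hashlib.sha256).digest()

def handshake(client_offer, tamper, authenticate_transcript):
    """Return (negotiated_cipher, tampering_detected)."""
    seen_by_server = strip_strong(client_offer) if tamper else list(client_offer)
    chosen = server_choose(seen_by_server)
    if not authenticate_transcript:
        # SSL V2.0 model: nothing ties the offer the server saw to the one sent.
        return chosen, False
    # SSL3.0 model: each side hashes the handshake as it saw it, keyed with
    # the shared master secret (constructed here; unknown to the interceptor).
    secret = b"constructed-master-secret"
    client_view = transcript_mac(secret, client_offer, chosen)
    server_view = transcript_mac(secret, seen_by_server, chosen)
    detected = not hmac.compare_digest(client_view, server_view)
    return (None if detected else chosen), detected

if __name__ == "__main__":
    for label, auth in (("SSL V2.0 model", False), ("SSL3.0 model", True)):
        print(label, handshake(PREFERENCE, tamper=True, authenticate_transcript=auth))
```

In the SSL V2.0 model the weakened connection completes with no error on either side; in the SSL3.0 model the two views of the handshake disagree and the connection is abandoned.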

What does this mean to osCommerce? 

First off, UPS is not a standard shipping module for osCommerce. So if you use UPS, you will have installed an Add On. There are two basic Add Ons for osCommerce UPS interfaces:

  1. Standard UPS, which does not require a UPS account
  2. UPS XML, which requires a UPS account

UPS states that if you are “sending your tool requests to onlinetools.ups.com” you are already SSL3.0 compliant. So at this stage, we do not believe it will affect osCommerce sites.
If you are using Standard UPS, then the backend change does not even apply to you. If you are using UPS XML, as they say, it should not affect you.

Check back later for further updates.