Our client received the following from FedEx and I just want to confirm that they are talking about the SSL we have on the server. Or does this have to do with the actual FedEx module? We are using SHA-2 for SSL encryption so I just want to make sure we are complying.
December 2015 – Important SHA-2 Security Update for FedEx Web Services Customers
FedEx proactively enables, promotes and elevates secure automation transaction technology and communication protocol standards. As part of our commitment to ensuring strong encryption standards within SSL/TLS and code-signing certificates, on January 30, 2016, FedEx will be updating our encryption and communication protocol requirements. These new enhancements include the upgrade of our certificates to SHA-256 and only supporting TLS protocol connections; as well as, the disablement of SSLv3 protocol.
Our updated requirements reflect the new and more secure industry standards of SHA-256 (SHA-2) encryption and TLS protocol, which are in line with a broader industry shift in how browsers and websites encrypt traffic to protect the contents of online communications. As part of the update, FedEx will replace its current SHA-1 certificates with the SHA-2 standard on the following environments:
· gateway.fedex.com
· ws.fedex.com
What you should do:
As of January 30, 2016, customers will need to support the SHA-2 encryption and TLS protocol security standards to continue to communicate to FedEx and prevent a potential communication failure. We recommend that you test/check your applications, systems or devices that connect to FedEx to verify they support the SHA-2 and TLS standards.
If your system already supports SHA-2 security standards, then no action is necessary; but if your system only supports SHA-1 based certificate verification and/or an SSLv3 protocol, you will experience connection issues if you fail to update both. Customers will need to ensure that they have a plan to support SHA-2 and TLS prior to January 30, 2016.
Customers who need a local copy of the FedEx SSL SHA-2 certificate installed in their configuration should click on FedEx Web Services SHA-2 Certificate to register for access to the updated certificate.
FedEx Web Services customers can verify if they are SHA-2 compliant and TLS ready by testing a transaction in our FedEx Web Services test environment by pointing their application to the wsbeta.fedex.com:443/web-services/ endpoint which has been upgraded to TLS and the SHA-2 certificate. A successful transaction in our test environment indicates SHA-2 compliance.
FedEx proactively enables, promotes and elevates secure automation transaction technology and communication protocol standards. As part of our commitment to ensuring strong encryption standards within SSL/TLS and code-signing certificates, on January 30, 2016, FedEx will be updating our encryption and communication protocol requirements. These new enhancements include the upgrade of our certificates to SHA-256 and only supporting TLS protocol connections; as well as, the disablement of SSLv3 protocol.
Our updated requirements reflect the new and more secure industry standards of SHA-256 (SHA-2) encryption and TLS protocol, which are in line with a broader industry shift in how browsers and websites encrypt traffic to protect the contents of online communications. As part of the update, FedEx will replace its current SHA-1 certificates with the SHA-2 standard on the following environments:
· gateway.fedex.com
· ws.fedex.com
What you should do:
As of January 30, 2016, customers will need to support the SHA-2 encryption and TLS protocol security standards to continue to communicate to FedEx and prevent a potential communication failure. We recommend that you test/check your applications, systems or devices that connect to FedEx to verify they support the SHA-2 and TLS standards.
If your system already supports SHA-2 security standards, then no action is necessary; but if your system only supports SHA-1 based certificate verification and/or an SSLv3 protocol, you will experience connection issues if you fail to update both. Customers will need to ensure that they have a plan to support SHA-2 and TLS prior to January 30, 2016.
Customers who need a local copy of the FedEx SSL SHA-2 certificate installed in their configuration should click on FedEx Web Services SHA-2 Certificate to register for access to the updated certificate.
FedEx Web Services customers can verify if they are SHA-2 compliant and TLS ready by testing a transaction in our FedEx Web Services test environment by pointing their application to the wsbeta.fedex.com:443/web-services/ endpoint which has been upgraded to TLS and the SHA-2 certificate. A successful transaction in our test environment indicates SHA-2 compliance.
Comment