FedEx’s Web Service Updates

Posted by: Genevieve Thursday, August 6th, 2015

FedEx is moving to more updated security protocols on their web services to increase the security level and remove known issues with the existing protocols used. There are a number of phases to these changes across their test and live environments.

The changes will not require you to apply any patches to core Magento code or any WebShopApps shipping extensions. You may have to make configuration changes to your hosting environments, or ask your hosting provider to verify if changes are required.

  • SSL3 support is being removed from FedEx web services. SSL3 is a common protocol used to support secure communication between web service providers and clients
  • Since July 20 2015, SSL3 has been disabled on FedEx’s development environment. Starting September 5 2015, it will be disabled on their production web services.
  • The protocol used for the secure communication between Fedex and Magento is determined by your web server hosting your Magento site.
  • You should contact your host to determine which protocol is currently used. If SSL3 is being used, ask your host to disable it
  • FedEx is also migrating from SHA-1 certifcates to SHA-256 (SHA-2).
  • You can determine which protocol the certificate on your site is using at https://www.ssllabs.com/ssltest/.
  • If your certificate is SHA-1 you will need to update this on your site.
  • SHA-1 certificates are no longer supported on FedEx development environment from August 3 2015, and on production from September 19 2015.
These changes could affect anyone using the standard FedEx carrier in Magento, WebShopApps Dimensional Shipping and our legacy Address Validation extension, using FedEx.

Leave a Reply