Support for TLS 1.0 & 1.1 to the Shippo API and App is ending on April 30, 2020.
Translation: If you are using a very old internet browser or TLS version, you need to update to continue to use Shippo.
Do I have to do something? What does this actually mean?
Good news is that the vast majority of Shippo users will not be impacted and won't have to do anything. However, if you are using a now very old version of a web browser (check your browser's "About" page), you'll have to update to a new version to continue to use Shippo after April 30th.
Specifically, you need to be on one of the these versions to continue to use Shippo:
• Internet Explorer - version 11 or higher
• Mozilla Firefox - version 27 or higher
• Google Chrome version 30 or higher
• Microsoft Edge - all versions
• Google Android - version 5.0 or higher
• Desktop Apple Safari versions 7 and higher for OS X 10.9 (Mavericks) and higher
• Mobile Safari versions 5 and higher for iOS 5 and higher
Or if you're using the Shippo API, you'll need to update to TLS version 1.2 or higher.
Clients that don’t support TLS 1.2 and force a minimum TLS version of TLS 1.0 or TLS 1.1 will be affected. Any client that doesn’t support TLS 1.2 won’t be able to successfully negotiate a connection and will start seeing connection request failures to Shippo.
--- need to know more details? Read on below! ---
Starting April 30, 2020, all requests to the Shippo API and App must use TLS 1.2 and above. We’ve decided to make this change in the best interest of our users so we stay up to date with modern encryption, security protocols, and practices.
TLS 1.0 and 1.1 will no longer be supported for requests to the Shippo API and App. If your connection to Shippo does not support TLS 1.2 and above, please read the rationale and steps needed for continued operation below.
Why are we removing support for TLS 1.0 and TLS 1.1?
TLS 1.0 and TLS 1.1 are out-of-date protocols that don’t support many newer, more secure, cryptographic algorithms. Older versions of TLS contain security vulnerabilities that attackers can exploit and a vast majority of encrypted internet traffic already uses TLS 1.2, which was introduced over a decade ago.
The Internet Engineering Task Force (IETF) is also officially planning to deprecate these protocols. As of March 2020, all major browsers such as Google Chrome, Microsoft Internet Explorer, Apple Safari, and Mozilla Firefox will no longer support TLS 1.0 and 1.1.
What will happen if I don’t update my integration by the deadline?
Any integration that doesn’t support TLS 1.2 won’t be able to successfully negotiate a connection and will start seeing connection request failures to Shippo. This means clients that are not updated will be unable to communicate with Shippo.
