UPS Shipping Rate Web Service Errors Out When SSL3 Is Disabled

November 3, 2014

UPS offers a Shipping Rate Web Service in their Developer Kit that can be setup in .Net to do address verification, rate estimation, and other features. Their provided source code will get you started but does not explicitly use TLS security. With the recent SSL v3 vulnerability, POODLE, UPS and other web services will be disabling support for SSL v3. If your host has disabled SSL v3, you will receive an unexpected packet format or other error and the UPS web service will no longer work.

To fix this, we have to explicitly use TLS security (at least for .Net v3.5 or less). TLS is the next iteration of SSL and has wide support among clients and servers. You enable it for the UPS web service call by configuring ServicePointManager (a class in the System.Net namespace) to use TLS security.

Using TLS Security


ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls;

This should be placed before the web service call. So if we use the ShipClient.cs example from the UPS Developer Kit, lines 111-112 would now look like:

System.Net.ServicePointManager.CertificatePolicy = new TrustAllCertificatePolicy();
ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls;
ShipmentResponse shipmentResponse = shpSvc.ProcessShipment(shipmentRequest);

You should also note that this is a global change so all web service calls in this application pool would begin using TLS security. If this is not desired, you can save the current SecurityProtocol in a variable and then reassign it to ServicePointManager after the UPS call was finished.