On this page:
   35.94    Two Factor Authentication 35.96    Trusted Client   

35.95TLS / SSL (Encryption)

 

The TLS / SSL (Encryption) configuration category includes the following configurable options:

  • TLS Client Authentication

  • TLS Enabled

  • TLS KeyStore Filename

  • TLS KeyStore Key Alias

  • TLS KeyStore Key Password

  • TLS KeyStore Password

  • TLS Cipher Blacklist

  • TLS Cipher Whitelist

  • TLS Protocol Blacklist

  • TLS Protocol Whitelist

  • TLS TrustStore Filename

  • TLS TrustStore Password

35.95.1Property: TLS Client Authentication

 
Property Name TLS Client Authentication
Property Key
Property Type BOOLEAN
Description Should the listener for this module require incoming connections to authenticate using TLS Client Authentication?
Applies to Modules
  • App Management Tools
  • CDS-Hooks REST Endpoint
  • FHIR Gateway REST Endpoint
  • FHIR REST Endpoint (DSTU2)
  • FHIR REST Endpoint (R3)
  • FHIR REST Endpoint (R4)
  • FHIRWeb Console
  • HL7 v2.x Listening Endpoint
  • HL7 v2.x Sending Endpoint
  • Hybrid Providers REST Endpoint
  • JSON Admin API
  • Package Registry Endpoint
  • SMART App Host (Deprecated)
  • SMART Outbound Security
  • Subscription Websocket Endpoint
Default Value false
Example Property
module.[MODULE_ID].config.tls.clientauth.enabled = false

35.95.2Property: TLS Enabled

 
Property Name TLS Enabled
Property Key
Property Type BOOLEAN
Description Should the listener for this module require TLS (i.e. SSL or HTTPS) encryption for incoming connections?
Applies to Modules
  • App Management Tools
  • CDS-Hooks REST Endpoint
  • FHIR Gateway REST Endpoint
  • FHIR REST Endpoint (DSTU2)
  • FHIR REST Endpoint (R3)
  • FHIR REST Endpoint (R4)
  • FHIRWeb Console
  • HL7 v2.x Listening Endpoint
  • HL7 v2.x Sending Endpoint
  • Hybrid Providers REST Endpoint
  • JSON Admin API
  • Package Registry Endpoint
  • SMART App Host (Deprecated)
  • SMART Outbound Security
  • Subscription Websocket Endpoint
Default Value false
Example Property
module.[MODULE_ID].config.tls.enabled = false

35.95.3Property: TLS KeyStore Filename

 
Property Name TLS KeyStore Filename
Property Key
Property Type Resource Path
Description The filename for the TLS KeyStore used to hold private keys for TLS connections. This can be in the format classpath:path/to/file.p12 or file:///path/to/file.p12. Valid file extensions are .jks (Java Keystore) or .p12 (PKCS#12 store).
Applies to Modules
  • App Management Tools
  • CDS-Hooks REST Endpoint
  • FHIR Gateway REST Endpoint
  • FHIR REST Endpoint (DSTU2)
  • FHIR REST Endpoint (R3)
  • FHIR REST Endpoint (R4)
  • FHIRWeb Console
  • HL7 v2.x Listening Endpoint
  • HL7 v2.x Sending Endpoint
  • Hybrid Providers REST Endpoint
  • JSON Admin API
  • Package Registry Endpoint
  • SMART App Host (Deprecated)
  • SMART Outbound Security
  • Subscription Websocket Endpoint
Default Value (no default)
Example Property
module.[MODULE_ID].config.tls.keystore.file = 

35.95.4Property: TLS KeyStore Key Alias

 
Property Name TLS KeyStore Key Alias
Property Key
Property Type STRING
Description The alias for the specific key within the KeyStore that should be selected for incoming TLS connections.
Applies to Modules
  • App Management Tools
  • CDS-Hooks REST Endpoint
  • FHIR Gateway REST Endpoint
  • FHIR REST Endpoint (DSTU2)
  • FHIR REST Endpoint (R3)
  • FHIR REST Endpoint (R4)
  • FHIRWeb Console
  • HL7 v2.x Listening Endpoint
  • HL7 v2.x Sending Endpoint
  • Hybrid Providers REST Endpoint
  • JSON Admin API
  • Package Registry Endpoint
  • SMART App Host (Deprecated)
  • SMART Outbound Security
  • Subscription Websocket Endpoint
Default Value (no default)
Example Property
module.[MODULE_ID].config.tls.keystore.keyalias = 

35.95.5Property: TLS KeyStore Key Password

 
Property Name TLS KeyStore Key Password
Property Key
Property Type PASSWORD
Description The password for the specific key within the KeyStore (leave blank if the key has no password).
Applies to Modules
  • App Management Tools
  • CDS-Hooks REST Endpoint
  • FHIR Gateway REST Endpoint
  • FHIR REST Endpoint (DSTU2)
  • FHIR REST Endpoint (R3)
  • FHIR REST Endpoint (R4)
  • FHIRWeb Console
  • HL7 v2.x Listening Endpoint
  • HL7 v2.x Sending Endpoint
  • Hybrid Providers REST Endpoint
  • JSON Admin API
  • Package Registry Endpoint
  • SMART App Host (Deprecated)
  • SMART Outbound Security
  • Subscription Websocket Endpoint
Default Value (no default)
Example Property
module.[MODULE_ID].config.tls.keystore.keypass = 

35.95.6Property: TLS KeyStore Password

 
Property Name TLS KeyStore Password
Property Key
Property Type PASSWORD
Description The password for the TLS KeyStore (leave blank if the store has no password).
Applies to Modules
  • App Management Tools
  • CDS-Hooks REST Endpoint
  • FHIR Gateway REST Endpoint
  • FHIR REST Endpoint (DSTU2)
  • FHIR REST Endpoint (R3)
  • FHIR REST Endpoint (R4)
  • FHIRWeb Console
  • HL7 v2.x Listening Endpoint
  • HL7 v2.x Sending Endpoint
  • Hybrid Providers REST Endpoint
  • JSON Admin API
  • Package Registry Endpoint
  • SMART App Host (Deprecated)
  • SMART Outbound Security
  • Subscription Websocket Endpoint
Default Value (no default)
Example Property
module.[MODULE_ID].config.tls.keystore.password = 

35.95.7Property: TLS Cipher Blacklist

 
Property Name TLS Cipher Blacklist
Property Key
Property Type STRING
Description If specified, contains a space-separated list of ciphers that are not permitted for use by TLS clients. See Selecting Ciphers and Protocol for more information.
Applies to Modules
  • App Management Tools
  • CDS-Hooks REST Endpoint
  • FHIR Gateway REST Endpoint
  • FHIR REST Endpoint (DSTU2)
  • FHIR REST Endpoint (R3)
  • FHIR REST Endpoint (R4)
  • FHIRWeb Console
  • HL7 v2.x Listening Endpoint
  • HL7 v2.x Sending Endpoint
  • Hybrid Providers REST Endpoint
  • JSON Admin API
  • Package Registry Endpoint
  • SMART App Host (Deprecated)
  • SMART Outbound Security
  • Subscription Websocket Endpoint
Default Value (no default)
Example Property
module.[MODULE_ID].config.tls.protocol.cipher_blacklist = 

35.95.8Property: TLS Cipher Whitelist

 
Property Name TLS Cipher Whitelist
Property Key
Property Type STRING
Description If specified, contains a space-separated list of ciphers that are permitted for use by TLS clients. See Selecting Ciphers and Protocol for more information.
Applies to Modules
  • App Management Tools
  • CDS-Hooks REST Endpoint
  • FHIR Gateway REST Endpoint
  • FHIR REST Endpoint (DSTU2)
  • FHIR REST Endpoint (R3)
  • FHIR REST Endpoint (R4)
  • FHIRWeb Console
  • HL7 v2.x Listening Endpoint
  • HL7 v2.x Sending Endpoint
  • Hybrid Providers REST Endpoint
  • JSON Admin API
  • Package Registry Endpoint
  • SMART App Host (Deprecated)
  • SMART Outbound Security
  • Subscription Websocket Endpoint
Default Value (no default)
Example Property
module.[MODULE_ID].config.tls.protocol.cipher_whitelist = 

35.95.9Property: TLS Protocol Blacklist

 
Property Name TLS Protocol Blacklist
Property Key
Property Type STRING
Description If specified, contains a space-separated list of protocols that are not permitted for use by TLS clients. See Selecting Ciphers and Protocol for more information.
Applies to Modules
  • App Management Tools
  • CDS-Hooks REST Endpoint
  • FHIR Gateway REST Endpoint
  • FHIR REST Endpoint (DSTU2)
  • FHIR REST Endpoint (R3)
  • FHIR REST Endpoint (R4)
  • FHIRWeb Console
  • HL7 v2.x Listening Endpoint
  • HL7 v2.x Sending Endpoint
  • Hybrid Providers REST Endpoint
  • JSON Admin API
  • Package Registry Endpoint
  • SMART App Host (Deprecated)
  • SMART Outbound Security
  • Subscription Websocket Endpoint
Default Value (no default)
Example Property
module.[MODULE_ID].config.tls.protocol.protocol_blacklist = 

35.95.10Property: TLS Protocol Whitelist

 
Property Name TLS Protocol Whitelist
Property Key
Property Type STRING
Description If specified, contains a space-separated list of protocols that are permitted for use by TLS clients. See Selecting Ciphers and Protocol for more information.
Applies to Modules
  • App Management Tools
  • CDS-Hooks REST Endpoint
  • FHIR Gateway REST Endpoint
  • FHIR REST Endpoint (DSTU2)
  • FHIR REST Endpoint (R3)
  • FHIR REST Endpoint (R4)
  • FHIRWeb Console
  • HL7 v2.x Listening Endpoint
  • HL7 v2.x Sending Endpoint
  • Hybrid Providers REST Endpoint
  • JSON Admin API
  • Package Registry Endpoint
  • SMART App Host (Deprecated)
  • SMART Outbound Security
  • Subscription Websocket Endpoint
Default Value (no default)
Example Property
module.[MODULE_ID].config.tls.protocol.protocol_whitelist = 

35.95.11Property: TLS TrustStore Filename

 
Property Name TLS TrustStore Filename
Property Key
Property Type Resource Path
Description The filename for the TLS TrustStore used to hold trusted certificates for TLS connections. This can be in the format classpath:path/to/file.p12 or file:///path/to/file.p12. Valid file extensions are .jks (Java Keystore) or .p12 (PKCS#12 store).
Applies to Modules
  • App Management Tools
  • CDS-Hooks REST Endpoint
  • FHIR Gateway REST Endpoint
  • FHIR REST Endpoint (DSTU2)
  • FHIR REST Endpoint (R3)
  • FHIR REST Endpoint (R4)
  • FHIRWeb Console
  • HL7 v2.x Listening Endpoint
  • HL7 v2.x Sending Endpoint
  • Hybrid Providers REST Endpoint
  • JSON Admin API
  • Package Registry Endpoint
  • SMART App Host (Deprecated)
  • SMART Outbound Security
  • Subscription Websocket Endpoint
Default Value (no default)
Example Property
module.[MODULE_ID].config.tls.truststore.file = classpath:truststore.p12

35.95.12Property: TLS TrustStore Password

 
Property Name TLS TrustStore Password
Property Key
Property Type PASSWORD
Description The password for the TLS TrustStore (leave blank if the store has no password).
Applies to Modules
  • App Management Tools
  • CDS-Hooks REST Endpoint
  • FHIR Gateway REST Endpoint
  • FHIR REST Endpoint (DSTU2)
  • FHIR REST Endpoint (R3)
  • FHIR REST Endpoint (R4)
  • FHIRWeb Console
  • HL7 v2.x Listening Endpoint
  • HL7 v2.x Sending Endpoint
  • Hybrid Providers REST Endpoint
  • JSON Admin API
  • Package Registry Endpoint
  • SMART App Host (Deprecated)
  • SMART Outbound Security
  • Subscription Websocket Endpoint
Default Value (no default)
Example Property
module.[MODULE_ID].config.tls.truststore.password = 
   35.94    Two Factor Authentication 35.96    Trusted Client