TLS versions
Excerpt |
---|
name | general-tls-disclaimer |
---|
|
Warning |
---|
We only support modern SSL/TLS versions. This means we do not support: SSL of any version, TLSv1.0 and TLSv1.1
|
|
Supported TLS versions
Excerpt |
---|
name | supported-tls-versions |
---|
|
TLSv1.2 , TLSv1.3
|
Certificate Issuers
We currently use two CA to issue our server certificates.
Expand |
---|
title | Expand to see reasons why we use two CAs |
---|
|
We use Let’s Encrypt to issue certificates for our services that are exposed via nginx-ingress. On top of that we use let’s Encrypt to protect PHR UI. The only place we use Google as a CA is with HL7. |
Google
Excerpt |
---|
|
C=US, O=Google Trust Services, CN=WR1
|
Let’s Encrypt
Let’s Encrypt offers four subordinate certificates for signing requests. Out of which we can use only two that are using RSA encryption algorithm.
Excerpt |
---|
|
C = US, O = Let's Encrypt, CN = R10
C = US, O = Let's Encrypt, CN = R11
|
Excerpt |
---|
|
C = US, O = Let's Encrypt, CN = R10
|
Excerpt |
---|
|
C = US, O = Let's Encrypt, CN = R11
|