TLS versions
| Excerpt |
|---|
| name | general-tls-disclaimer |
|---|
|
| Warning |
|---|
We only support modern SSL/TLS versions. This means we do not support: SSL of any version, TLSv1.0 and TLSv1.1
|
|
Supported TLS versions
| Excerpt |
|---|
| name | supported-tls-versions |
|---|
|
TLSv1.2, TLSv1.3
|
Certificate Issuers
We currently use two CA to issue our server certificates.
| Expand |
|---|
| title | Expand to see reasons why we use two CAs |
|---|
|
We use Let’s Encrypt to issue certificates for our services that are exposed via nginx-ingress. On top of that we use let’s Encrypt to protect PHR UI. The only place we use Google as a CA is with HL7. |
Google
| Excerpt |
|---|
|
C=US, O=Google Trust Services, CN=WR1
|
Let’s Encrypt
Let’s Encrypt offers four subordinate certificates for signing requests. Out of which we can use only two that are using RSA encryption algorithm.
...
