...
Status |
| ||||||
|---|---|---|---|---|---|---|---|
Last Updated | 13th March, 2025 | ||||||
Version | 4 |
| Tip |
|---|
This change only affects applies to customers whom who are connecting to our Hl7 API over the Public Internet and not using HSCN. |
New endpoints
...
Available endpoints on Port 443:
Deprecations
my.patientsknowbest.com:7443 is getting deprectednow deprecated.
Motivations/Goals
We want to tighten our security. Efforts we make on this front include:
deprecate/remove support for
ciphers,Status colour Yellow title weak get a WAF in place and
use standard ports.
...
Overview
The two available endpoints will only accepts ciphers that are deemded deemed as
| Status | ||||
|---|---|---|---|---|
|
| Status | ||||
|---|---|---|---|---|
|
...
if you are unable to support the below listed ciphers, please contact our support desk (email: help@patientsknowbest.com).
Option 1 - Preferred - mTLS Endpoint
We offer mtls.hl7.uk.patientsknowbest.com to those customers who have moved to the cloud and can’t use static IPs when accessing our services. It is also our prefered setup for new customers.
Identity is still derived from client credentials and not the client certificate. mTLS in this scenario is only used to replace IP allow listing.
...
.
To start the process of mTLS client certificate creation please contact ca@patientsknowbest.com stating you wish to set up certificates for the UK production environment.
Option 2 - no-mTLS Endpoint
Customers, who have
up-to-date client software tools that support the state of the art cipher suites,
have static IPs that we can allow-list and
can’t allocate budget to implement mTLS in short term
can move to no-mtls.hl7.uk.patientsknowbest.com.
Backward compatibilty
deprecated-ciphers.no-mtls.hl7.uk.patientsknowbest.com is intended as a short term solution for customers who are not as yet up to date with their software systems and still require support for using ciphers that are considered to be weak.
...
.
Standard ports
Using standard ports (443) will allow allows us to consolidate our server certificate management and fully automate the renewall process for all our endpoints.
Supported ciphers
my
WSDL
If you require a WSDL file please use one of the following paths depending on which option you are using:
...
Legend
supported,
not-supported,-
*: not supported (for technical reasons)
...
Name (OpenSSL)
...
mtls
...
no-mtls
...
Supported ciphers
Name (OpenSSL) | mtls | no-mtls | |||||||
|---|---|---|---|---|---|---|---|---|---|
|
|
|
|
|
| ||||||
|
|
| ||||||
|
|
| ||||||||
|
|
|
|
|
| ||||||||
|
|
|
|
|
| ||||||
|
|
|
| Status | ||||
|---|---|---|---|---|
|
| Status | ||||
|---|---|---|---|---|
|
| Status | ||||
|---|---|---|---|---|
|
| Status | ||||
|---|---|---|---|---|
|
| Status | ||||
|---|---|---|---|---|
|
| Status | ||||
|---|---|---|---|---|
|
| Status | ||||
|---|---|---|---|---|
|
| Status | ||||
|---|---|---|---|---|
|
| Status | ||||
|---|---|---|---|---|
|
| Status | ||||
|---|---|---|---|---|
|
*
| Status | ||||
|---|---|---|---|---|
|
*
| Status | ||||
|---|---|---|---|---|
|
| Status | ||||
|---|---|---|---|---|
|
| Status | ||||
|---|---|---|---|---|
|
| Status | ||||
|---|---|---|---|---|
|
| Status | ||||
|---|---|---|---|---|
|
| Status | ||||
|---|---|---|---|---|
|
| Status | ||||
|---|---|---|---|---|
|
| Status | ||||
|---|---|---|---|---|
|
| Status | ||||
|---|---|---|---|---|
|
| Status | ||||
|---|---|---|---|---|
|
| Status | ||||
|---|---|---|---|---|
|
| Status | ||||
|---|---|---|---|---|
|
| Status | ||||
|---|---|---|---|---|
|