#SSL

4

Secure Sockets Layer (SSL) is a standard security technology for establishing an encrypted link between a server and a client - typically a web server (website) and a browser, or a mail server and a mail client.

Learn more.

What is TLS?

TLS, the successor to SSL, stands for Transport Layer Security and provides security (i.e. encryption and authentication) over a TCP/IP connection. If you have ever noticed the "s" on "https" URLs, you have recognized an HTTP connection "secured" by SSL/TLS. In the past, only login/authorization pages on the web would use TLS, but in today's hostile internet environment, best practice indicates that we should secure all connections with TLS.

16 1
6 519

Hi,

I recently had a company-enforced OS upgrade, and ever since going from mac OS 14.x to 15.x, I am currently having issues with SSL in IRIS.

An ARM (M3 pro) machine running OS 15.2, with the latest Docker Desktop (at the time of writing, 4.37.0). The Docker container runs IRIS for UNIX (Ubuntu Server LTS for x86-64 Containers) 2022.1.2 (Build 574_0_22161U). This container has not changed.

1 3
0 264

I'm using a %Net.HttpRequest which had been successful in the past, but started failing at some point with a SSL/TLS protocol error.

ERROR #6085: Unable to write to socket with SSL/TLS configuration 'groundca', error reported 'SSL/TLS error in SSL_connect(), SSL_ERROR_SSL: protocol error, error:14077102:SSL routines:SSL23_GET_SERVER_HELLO:unsupported protocol'

The SSL/TLS configuration:

0 3
0 186

Hello,

I was just trying to get to the bottom of a TLS config - we have an interface with a TLS config that has had 'Server certificate verification' set to 'On', however the cert file specified either did not exist or contained a cert that was expired.

Does anyone know what the behavior is for this typically? I would expect this to not allow traffic on the interface, however this has been working fine for a few years now with an invalid cert specified for 'Server certificate verification' and set to 'On'.

0 0
0 132

Securing IRIS Integrations with Mutual TLS (mTLS): A Practical Guide

In today’s enterprise environments, secure communication between systems is not optional—it’s essential. Whether you're integrating InterSystems IRIS with cloud APIs, internal microservices, or third-party platforms, Mutual TLS (mTLS) offers a powerful way to ensure both ends of the connection are authenticated and encrypted.

This post walks through how to configure IRIS for mTLS and how to validate your certificates to avoid common pitfalls.

5 0
1 122

Hello,

I'm trying to connect a Python backend application to an InterSystems IRIS Community Edition instance running in a Docker container on an AWS EC2 instance. I'm facing persistent connection issues and an SSL Error despite the Superserver apparently having SSL disabled. I'm hoping for some insight into what might be causing this contradictory behavior.

My Setup:

0 2
0 82

For those that use IRIS for Health, HealthShare, and or Health Connect...

As Health Applications are moving to the Cloud, how have you handled communication from the Application to your instances via HTTPS?

Trying to figure out the best path on designing the proper workflow to allow these messages to be allowed to be eventually sent to our EMR to post to the patient chart.

We are very wary of opening a connection from the internet to our instance of Health Connect.

Thanks

0 0
0 79

Good day

I am trying to connect a business service to fileZilla using FTP on my local PC Win 11.

I am trying to setup my training after attending the Building HL7 interfaces course with ISC.

The connection is failing. He is the error below

ERROR <Ens>ErrOutConnectFailed: FTP Connect failed for localhost:21//SSL=' with error ERROR <Ens>ErrFTPConnectFailed: FTP: Failed to connect to server 'localhost:21//SSL='/' (msg='Missing required argument',code=501)

0 1
0 72

Does %OSCertificateStore only check the trusted root folder in windows?

Can it be used for Personal store on servers or is there another condition can be used?

Used it for a first time and writing a function to check specific ones being used for expiry but had one this week that was to be installed in personal rather than the trusted root and didn't know if stating OSCertificateStore or a url otherwise to look in the personal installed certs on the server could be used instead so stuck with the original way (which can get confusing)

0 0
0 64