Enabled TLS/SSL Protocols

SSL Manager User Guide

Enabled TLS/SSL Cipher Suites

The cipher suite is a set of algorithms used during TLS/SSL transport by both the client and server. By default, only the most secure cipher suites are enabled, but if you are communicating with a legacy server that only supports an older, weaker cipher suite, you can configure your connector to use it without affecting any other connectors or channels. Enabled Cipher Suites option on SSL Settings window Select the wrench icon to open the Set Cipher Suites window: Set Cipher Suites window The server defaults refers to the cipher suites configured for the overall Mirth® Connect by NextGen Healthcare server, in mirth.properties. For more information, go to the Success Community and download the User Guide for Mirth® Connect by NextGen Healthcare, then look at the mirth.properties section. To override the server defaults and set your own enabled cipher suites, select No next to "Use server defaults". You will then be able to enable or disable individual cipher suites as you see fit. Use t

Mirth® Connect by NextGen Healthcare User Guide

3.1.1 Upgrade Notes

Due to the recent POODLE vulnerability, we have disabled SSLv3 for all of our relevant connectors and connections that use SSL. In case you are connecting to some legacy systems that require SSLv3, it is possible to re-enable SSLv3. In your mirth.properties file, you will find the following two properties: https.client.protocols = TLSv1.2,TLSv1.1,TLSv1https.server.protocols = TLSv1.2,TLSv1.1,TLSv1,SSLv2Hello If you need to use SSLv3, simply add "SSLv3" into the comma separated list for the client or server protocols and restart your server. These two properties also allow you to configure exactly which SSL protocols you wish to use. Similarly, if you need to add or remove cipher suites, you can update the https.ciphersuites property in the mirth.properties file. Please note that if you are making HTTPS connections programmatically in JavaScript, you will still need to update your code accordingly in order to disable SSLv3. When upgrading to Mirth® Connect by NextGen Healthcare 3.1.1+ O

Mirth® Connect by NextGen Healthcare User Guide

Default TLS/SSL Settings

The following properties can be set to modify the default TLS settings: Property Default Value Description https.client.protocols TLSv1.3,TLSv1.2 The protocols to support by default for all TLS/SSL/HTTPS client traffic. CAUTION: Changing this property could leave your server vulnerable to certain SSL-based attacks. Note: The SSL Manager enables you to adjust protocol settings on a per-connector basis, rather than having to change the value for the entire server. Note: TLSv1.3 is only available when running Mirth Connect on Java 11 or later. https.server.protocols TLSv1.3,TLSv1.2,SSLv2Hello The protocols to support by default for all TLS/SSL/HTTPS server traffic. CAUTION: Changing this property could leave your server vulnerable to certain SSL-based attacks. Note: The SSL Manager enables you to adjust protocol settings on a per-connector basis, rather than having to change the value for the entire server. Note: TLSv1.3 is only available when running Mirth Connect on Java 11 or later. ht

Mirth® Appliance by NextGen Healthcare Deployment Guide, 4.1

Using the SSL Tunnels Service

Secure Sockets Layer (SSL) is a cryptographic protocol for providing secure communications over TCP/IP networks. Using SSL enables you to securely exchange messages over public networks such as the Internet. With the SSL Tunnels service, Mirth® Appliance by NextGen Healthcare you can accept SSL connections for any of the listener-based Mirth® Connect connector types such as HTTP, LLP/MLLP, SOAP, and TCP. You can also add SSL to the corresponding destination connectors. Inbound tunnels accept an SSL connection from a remote host and pass it to the listening port of a Mirth® Connect channel on the local system. Outbound tunnels listen on a local port for a Mirth® Connect destination connector, add an SSL layer to the connection, and pass it on to a specific remote host. Note: Consult your network administrators regarding setting up two-way SSL authentication. Select Services > SSL Tunnels to open the SSL Tunnel Management window, which shows all of the currently configured tunnels on the

SSL Manager User Guide

Saving Changes

Once all necessary fields are complete, select OK on the SSL Settings window. In the Channel Tasks panel, select Save Changes, then deploy the channel. The connector automatically uses the configured SSL settings. You do not need to restart the Mirth® Connect by NextGen Healthcare server. Parent topic: Apply Destination Connector SSL Settings

LDAP Authorization User Guide

Enable Encryption

Configure options for encrypted communication between Mirth® Connect by NextGen Healthcare and a Lightweight Directory Access Protocol (LDAP) server. Mirth® Connect by NextGen Healthcare can communicate with a Lightweight Directory Access Protocol (LDAP) server using an encrypted connection. You can set options to encrypt the LDAP connection. LDAP Configuration In the LDAP Configuration section, set Encryption to one of the following: None: No encryption is performed. STARTTLS: Start with Transport Layer Security (TLS) and upgrade to an encrypted connection. Typically, LDAP servers use port 389 for TLS. SSL: Use Secure Sockets Layer (SSL) protocol. Typically, LDAP servers use port 636 for SSL. Set Certificate Validation to one of the following: Enabled: Mirth® Connect does not connect to the LDAP server if the server presents an SSL certificate that is not trusted. For the connection to succeed, you need to first import the LDAP server public SSL certificate. Disabled: Mirth® Connect t