- This topic has 13 replies, 6 voices, and was last updated 6 years, 6 months ago by
.
-
Topic
-
-
Replies
-
-
Well will your sending and receiving systems support secure protocols (like tcp/ip over SSL)?
Cloverleaf will but if the trading partners don’t then ???
As for encrpted payload you can do that with Tcl (I have played around with it) but once again what about the systems you are receiving from and sending to can they encrypt/decrypt?
email: jim.kosloskey@jim-kosloskey.com 29+ years Cloverleaf, 59 years IT - old fart.
-
-
You would need the add-on for SSL, then there is are configuration settings on the appropriate protocols. The add-on has a fee – but if the security folks are serious they need to understand there are costs associated with their directives which they need to consider.
I think there is also some Tcl packages which you could use if you wanted to do it alll in Tcl. No fee I think but there are the development and maintenance costs to consider. They might be as high in the long run as the SSL add-on.
As for encryption, Tcl has some builtin support for most of the popular encryption algorithms.
What release of Cloverleaf?
email: jim.kosloskey@jim-kosloskey.com 29+ years Cloverleaf, 59 years IT - old fart.
-
-
-
I don’t recall but I don’t think it is a separate install.
You can tell if it is active by configuring a couple of threads (one client, one server) and see if they connect. If you get an error the SSL add-on is not activated.
You can configure without the add-on but not execute as I recall.
As I said I have played around with it but we don’t use any SSL inside Cloverleaf routinely for a number of reasons have nothing to do with the capabilities of Cloverleaf.
email: jim.kosloskey@jim-kosloskey.com 29+ years Cloverleaf, 59 years IT - old fart.
-
We are starting to get the same thing at my organization, so I’m also in search of a solution.
For those who might be more familiar, what about the use of IPSEC rules in windows firewall for securing the communication between Cloverleaf and 3rd party systems. If I were to utilize a certificate generated from our own CA, would Cloverleaf be able to use it to negotiate with a Windows server firewall rule that requires a Computer Certificate as the authentication method?
-
We use IPSEC for a lot of interfaces, but it’s normally not handled in Cloverleaf. Our network team sets up the tunnel connection to a remote site and gives us an IP address to connect to their server (which may be a NAT address). Then we can put that address in Clovlerleaf and treat it like it is a server on our local network. Connections can work in the other direction as well with Cloverleaf as the listener. IPSEC passwords and certs would be put in our firewall, not in the Cloverleaf config.
-
Has anyone else made progress encrypting HL7 traffic into/out of Cloverleaf? This is being brought up again at our organization. I was thinking that Cloverleaf Secure Courier might be another option, but in this case we’d need it to secure traffic on our own network. OpenVPN or Stunnel seem like other usable options. Is there anyone that has converted a bunch of unencrypted interfaces at once?
-
At another company I worked for 15+ years ago we got it to work on CL 3.x we encrypted the data just before being written out the protocol. We used BLOW-FISH algorithm back then. We were just testing it and it worked internally at that company in the test work with a single test interface. So I know it can be done.
It takes a lot of coordination between groups to get it going and esp with the ACKS etc.
-
Rob Lindsey wrote:
It takes a lot of coordination between groups to get it going and esp with the ACKS etc.
Yeah, that’s the problem. Turning on encryption on a thread isn’t very hard, but if you’re trying to connect to a system supported by a vendor, most of them aren’t very flexible turning on encryption because it’s not normally part of a standard HL7 interface, and there’s no uniform solution.
-
-
-
- The forum ‘Cloverleaf’ is closed to new topics and replies.
