Hello, I inherited a project here at HealthInfoNet from a former employee who configured the Connect gateway to retrieve CCD documents from the VA. This is a complex configuration with many components. We use Orion as a vendor and the Connect product talks to an instance of Orion Rhapsody. It is also configured to connect to a MySQL database. The Connect server is running on an instance of Glassfish. I am for all intents and purposes a complete novice when it comes to understanding this system.
Yesterday we noticed that our users were unable to retrieve CCD documents from the VA through our clinical portal. I believe the relevant error in the log file is:
Caused by: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
When I asked the VA about this, the reply was "We moved to support for TLS 1.2 only yesterday and that is the most likely root cause. Does your production system support communications over TLS 1.2? Sequoia Project just issued guidance recommending organizations support TLS 1.2 and stating it will be mandatory by February 2018 but as a federal agency we were obligated to disable TLS 1.1 and 1.0 yesterday."
Could someone help me understand how to configure Connect to use TLS 1.2? I believe the version we have installed is 4.3.
The solution turned out to be setting a JVM option in the Glassfish domain1 domain.xml file:
<jvm-options>-Dhttps.protocols=TLSv1.2</jvm-options>
</java-config>

And then restarting the domain1 service.
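
An added example, not part of the original post: a Python check that reads a GlassFish domain.xml and reports, for each <config>, whether the -Dhttps.protocols JVM option is set, whether it includes TLSv1.2, and whether older protocols are still listed. The sample XML, its config names and the status labels are constructed for illustration.

```python
import xml.etree.ElementTree as ET

LEGACY = {"SSLv3", "TLSv1", "TLSv1.1"}
PREFIX = "-Dhttps.protocols="

# Constructed sample shaped like a GlassFish domain.xml (not the poster's file).
SAMPLE_DOMAIN_XML = """\
<domain>
  <configs>
    <config name="server-config">
      <java-config>
        <jvm-options>-Xmx512m</jvm-options>
        <jvm-options>-Dhttps.protocols=TLSv1.2</jvm-options>
      </java-config>
    </config>
    <config name="default-config">
      <java-config>
        <jvm-options>-Dhttps.protocols=TLSv1,TLSv1.1,TLSv1.2</jvm-options>
      </java-config>
    </config>
    <config name="other-config">
      <java-config>
        <jvm-options>-Xmx512m</jvm-options>
      </java-config>
    </config>
  </configs>
</domain>
"""

def audit_https_protocols(xml_text):
    """Return {config name: (status, protocols)} for every <config> element."""
    results = {}
    for config in ET.fromstring(xml_text).iter("config"):
        protocols = None
        for opt in config.iterfind("java-config/jvm-options"):
            text = (opt.text or "").strip()
            if text.startswith(PREFIX):
                # Assumption: if the option is repeated, the later one takes effect.
                protocols = [p.strip() for p in text[len(PREFIX):].split(",") if p.strip()]
        if protocols is None:
            status = "unset"           # the JVM's default protocol list applies
        elif "TLSv1.2" not in protocols:
            status = "no-tls12"        # a TLS 1.2-only peer will reject the handshake
        elif LEGACY & set(protocols):
            status = "legacy-enabled"  # works, but still offers older protocols
        else:
            status = "ok"
        results[config.get("name")] = (status, protocols)
    return results

if __name__ == "__main__":
    for name, (status, protocols) in audit_https_protocols(SAMPLE_DOMAIN_XML).items():
        print(f"{name}: {status} {protocols or ''}")
```

To audit a real file, pass its contents to audit_https_protocols() and look at the entry for the config the running instance uses.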