Eclipse Community Forums: OHF » ATNA Support update for the OHF IHE Plugins and OHF Bridge

Home » Archived » OHF » ATNA Support update for the OHF IHE Plugins and OHF Bridge

ATNA Support update for the OHF IHE Plugins and OHF Bridge [message #24359]

Wed, 22 November 2006 01:19

Eclipse User

Originally posted by: rgd.us.ibm.com

We've succesfully tested ATNA TLS with the MESA TLS Tests, and with the
IBM test services on lswin10.dfw.ibm.com.

As Sarah mentioned in another post, we have a bug open against the NIST
test server. For some reason we are getting a handshake failure with
that one system - all the others we've tested against are doing TLS just
fine with the OHF plugins.

One important note we've raised with the IHE, and are awaiting a
response - is that the Sun JVMs 1.4.2 and 1.5.x don't provide support
for the TLS cipher TLS_RSA_WITH_NULL_SHA. This is specified by the
ATNA profile as the unencrypted cipher to use. Currently we've
substituted the simliar cipher SSL_RSA_WITH_NULL_SHA in the OHF ATNA
code, and with this cipher we've succesfully passed the required MESA
TLS tests 1221, 1222, 1223.

regards,
glenn deen (IBM OHF team)

Re: ATNA Support update for the OHF IHE Plugins and OHF Bridge [message #24446 is a reply to message #24359]

Thu, 23 November 2006 01:11

Eclipse User

Originally posted by: rgd.us.ibm.com

Glenn wrote:
>
> We've succesfully tested ATNA TLS with the MESA TLS Tests, and with the
> IBM test services on lswin10.dfw.ibm.com.
>
> As Sarah mentioned in another post, we have a bug open against the NIST
> test server. For some reason we are getting a handshake failure with
> that one system - all the others we've tested against are doing TLS just
> fine with the OHF plugins.
>
> One important note we've raised with the IHE, and are awaiting a
> response - is that the Sun JVMs 1.4.2 and 1.5.x don't provide support
> for the TLS cipher TLS_RSA_WITH_NULL_SHA. This is specified by the
> ATNA profile as the unencrypted cipher to use. Currently we've
> substituted the simliar cipher SSL_RSA_WITH_NULL_SHA in the OHF ATNA
> code, and with this cipher we've succesfully passed the required MESA
> TLS tests 1221, 1222, 1223.
>
> regards,
> glenn deen (IBM OHF team)
>

Update - SSL_RSA_WITH_NULL_SHA is 100% equivalent in Java to
TLS_RSA_WITH_NULL_SHA. The name is different, but the actual cipher ID
sent to the server is the same as TLS_RSA_WITH_NULL_SHA. I've updated
the ATNA transport code with this cipher name. So it's now good to go.
I've tested it with MESA and it's succesfully negotating the TLS handshake.

-glenn

Re: ATNA Support update for the OHF IHE Plugins and OHF Bridge [message #25333 is a reply to message #24446]

Wed, 29 November 2006 04:08

Eclipse User

Originally posted by: sdoyle.medcommons.net

How do we test the TLS connections from the bridge to the MESA servers
(e.g., Test #s 11141, 11142, 11143)?

I see the JUnit code for the plugins - but how do we test this in the
context of the bridge? Or - do we claim that because you have passed these
tests that this is adequate?

Re: ATNA Support update for the OHF IHE Plugins and OHF Bridge [message #25373 is a reply to message #25333]

Wed, 29 November 2006 14:29

Eclipse User

Originally posted by: donnie.gooch.pointclearsolutions.com

I am (capmed) reusing IBM's, waiting on verification now.

Re: ATNA Support update for the OHF IHE Plugins and OHF Bridge [message #25413 is a reply to message #25373]

Wed, 29 November 2006 15:11

Eclipse User

Originally posted by: sdoyle.medcommons.net

Donnie Gooch (CapMed wrote:

> I am (capmed) reusing IBM's, waiting on verification now.

Hi Donnie -

Did you get the verification files from IBM or did you just write
something saying that the bridge handled this case?

Thanks!

Re: ATNA Support update for the OHF IHE Plugins and OHF Bridge [message #25452 is a reply to message #25333]

Wed, 29 November 2006 15:21

Eclipse User

The OHF Bridge has passed these tests for you. You are to what is in the
JUNIT Documentation. We are working on updating
http://wiki.eclipse.org/index.php/OHF:ATNA_2007_MESA_Tests. Please
refere to the links in the ATNA Test table here:
http://wiki.eclipse.org/index.php/IHE_Connectathon_2007#Deta iled_MESA_Test_Info

- Sarah

Sean Doyle wrote:
> How do we test the TLS connections from the bridge to the MESA servers
> (e.g., Test #s 11141, 11142, 11143)?
>
> I see the JUnit code for the plugins - but how do we test this in the
> context of the bridge? Or - do we claim that because you have passed
> these tests that this is adequate?
>

Re: ATNA Support update for the OHF IHE Plugins and OHF Bridge [message #575451 is a reply to message #24359]

Thu, 23 November 2006 01:11

Eclipse User

Glenn wrote:
>
> We've succesfully tested ATNA TLS with the MESA TLS Tests, and with the
> IBM test services on lswin10.dfw.ibm.com.
>
> As Sarah mentioned in another post, we have a bug open against the NIST
> test server. For some reason we are getting a handshake failure with
> that one system - all the others we've tested against are doing TLS just
> fine with the OHF plugins.
>
> One important note we've raised with the IHE, and are awaiting a
> response - is that the Sun JVMs 1.4.2 and 1.5.x don't provide support
> for the TLS cipher TLS_RSA_WITH_NULL_SHA. This is specified by the
> ATNA profile as the unencrypted cipher to use. Currently we've
> substituted the simliar cipher SSL_RSA_WITH_NULL_SHA in the OHF ATNA
> code, and with this cipher we've succesfully passed the required MESA
> TLS tests 1221, 1222, 1223.
>
> regards,
> glenn deen (IBM OHF team)
>

Update - SSL_RSA_WITH_NULL_SHA is 100% equivalent in Java to
TLS_RSA_WITH_NULL_SHA. The name is different, but the actual cipher ID
sent to the server is the same as TLS_RSA_WITH_NULL_SHA. I've updated
the ATNA transport code with this cipher name. So it's now good to go.
I've tested it with MESA and it's succesfully negotating the TLS handshake.

-glenn

Re: ATNA Support update for the OHF IHE Plugins and OHF Bridge [message #576318 is a reply to message #24446]

Wed, 29 November 2006 04:08

Eclipse User

How do we test the TLS connections from the bridge to the MESA servers
(e.g., Test #s 11141, 11142, 11143)?

I see the JUnit code for the plugins - but how do we test this in the
context of the bridge? Or - do we claim that because you have passed these
tests that this is adequate?

Re: ATNA Support update for the OHF IHE Plugins and OHF Bridge [message #576336 is a reply to message #25333]

Wed, 29 November 2006 14:29

Eclipse User

Originally posted by: donnie.gooch.pointclearsolutions.com

I am (capmed) reusing IBM's, waiting on verification now.

Re: ATNA Support update for the OHF IHE Plugins and OHF Bridge [message #576393 is a reply to message #25373]

Wed, 29 November 2006 15:11

Eclipse User

Donnie Gooch (CapMed wrote:

> I am (capmed) reusing IBM's, waiting on verification now.

Hi Donnie -

Did you get the verification files from IBM or did you just write
something saying that the bridge handled this case?

Thanks!

Re: ATNA Support update for the OHF IHE Plugins and OHF Bridge [message #576403 is a reply to message #25333]

Wed, 29 November 2006 15:21

Eclipse User

The OHF Bridge has passed these tests for you. You are to what is in the
JUNIT Documentation. We are working on updating
http://wiki.eclipse.org/index.php/OHF:ATNA_2007_MESA_Tests Please
refere to the links in the ATNA Test table here:
http://wiki.eclipse.org/index.php/IHE_Connectathon_2007#Deta iled_MESA_Test_Info

- Sarah

Sean Doyle wrote:
> How do we test the TLS connections from the bridge to the MESA servers
> (e.g., Test #s 11141, 11142, 11143)?
>
> I see the JUnit code for the plugins - but how do we test this in the
> context of the bridge? Or - do we claim that because you have passed
> these tests that this is adequate?
>

Previous Topic:	new Audit messages on the server
Next Topic:	TLS with NIST now availiable on OHF Bridge

Goto Forum:

-=] Back to Top [=-

Current Time: Sat May 10 17:39:26 EDT 2025

.:: Contact :: Home ::.

Breadcrumbs

Sign up to our Newsletter