OHF IHE ATNA
The network authentication portion of ATNA provides mutual authentication between the "Secure nodes" running IHE Actors using X.509 certificates and TLSv1. In addition there is also the option to encrypt the network communication for the session. Network authentication is directly integrated with the OHF XDS Document Source, XDS Document Consumer, PIX Client, PIX Source, and PDQ Client. The OHF Bridge also supports it.
The X.509 certificates needed by the plugin must be stored in JKS (Java Key Store) format files.
To enable TLSv1 you must configure the plugin. This can be done programmatically using the org.eclipse.ohf.ihe.common.atna.ConfigurationManager class, or via environment variables.
Environment variables for the private keystore holding the private certificate of the node
javax.net.ssl.keyStore=<fullpath/keystore-file>.jks
javax.net.ssl.keyStorePassword=XXXX (password for the above file)
Environment variables for the public certificates used to validate the remote node's certificate
javax.net.ssl.trustStore=<fullpath/truststore-file>.jks
javax.net.ssl.trustStorePassword=XXXX (password for the above file)
(optional) Environment variables for debugging options
Two common debugging options
javax.net.debug=all or javax.net.debug=sslhandshake
(optional) Environment variables for selecting the Cipher Suites used by TLS
https.cipherSuites= comma-separated list of ciphers.
If not specified, the plugin will by default use:
Note: Java uses the name SSL_RSA_WITH_NULL_SHA for the cipher TLS_RSA_WITH_NULL_SHA. These are the same cipher.
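A pre-flight check for the keystore and truststore settings above, as an added example that is not part of the OHF plugins: it opens both JKS files with the configured passwords, confirms the keystore holds a private key entry and the truststore holds trusted certificates, and rejects certificates outside their validity period. The class name AtnaStoreCheck is hypothetical, and the code assumes the settings are passed to the JVM as -D system properties.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Collections;

// Added example (not OHF code): validates the JKS files named by the
// javax.net.ssl.* properties before the node attempts a TLS handshake.
public class AtnaStoreCheck {

    // Loads a JKS file; load() throws if the path or store password is wrong.
    static KeyStore load(String pathProp, String passProp) throws Exception {
        String path = System.getProperty(pathProp);
        String pass = System.getProperty(passProp);
        if (path == null || pass == null)
            throw new IllegalStateException(pathProp + " / " + passProp + " not set");
        KeyStore ks = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, pass.toCharArray());
        }
        return ks;
    }

    // Counts entries of the wanted kind; checkValidity() throws on an
    // expired or not-yet-valid certificate.
    static int check(KeyStore ks, boolean wantKeys) throws Exception {
        int n = 0;
        for (String alias : Collections.list(ks.aliases())) {
            boolean match = wantKeys ? ks.isKeyEntry(alias) : ks.isCertificateEntry(alias);
            if (!match) continue;
            Certificate c = ks.getCertificate(alias);
            if (c instanceof X509Certificate) ((X509Certificate) c).checkValidity();
            n++;
        }
        return n;
    }

    public static void main(String[] args) throws Exception {
        int keys = check(load("javax.net.ssl.keyStore", "javax.net.ssl.keyStorePassword"), true);
        int trusted = check(load("javax.net.ssl.trustStore", "javax.net.ssl.trustStorePassword"), false);
        if (keys == 0) throw new IllegalStateException("keystore has no private key entry");
        if (trusted == 0) throw new IllegalStateException("truststore has no trusted certificate");
        System.out.println("key entries: " + keys + ", trusted certificates: " + trusted);
    }
}
```

Run it with the same four -Djavax.net.ssl.* values the node will use; any exception means mutual authentication would fail for a configuration reason rather than a network one.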
Audit Messages Reference information
ATNA uses DICOM supplement 95 as the source for its audit message content.
ATNA is composed of the following plugins:
- org.eclipse.ohf.ihe.atna.agent <-- the main visible package for users
- org.eclipse.ohf.ihe.atna.audit <-- auditing
- org.eclipse.ohf.ihe.atna.transport <-- open and TLS transport
- org.eclipse.ohf.ihe.common.atna <-- configuration management for TLS properties
Documentation regarding OHF ATNA Agent will appear here shortly