Details of the API security model and supported protocols.

Secure Sockets Layer (SSL) and Transport Layer Security (TLS) Protocols

After consultation with the Infrastructure Security, Operational Security and Spine DDC teams, the following SSL protocols SHALL be supported.

  • TLSv1.2
  • TLSv1.1
  • TLSv1

Supported Ciphers

After consultation with the Infrastructure Security, Operational Security and Spine DDC teams, the following ciphers SHALL be supported.

  • AESGCM+EECDH
  • AESGCM+EDH
  • AES256+EECDH
  • AES256+EDH

1. DigiCert - SSL Support Enabling Perfect Forward Secrecy

Tomcat OpenSSL Support Using The APR/Native Provider

  • SSLCipherSuite = AESGCM+EECDH,AESGCM+EDH,AES256+EECDH,AES256+EDH
  • SSLHonorCipherOrder = true
  • SSLProtocol = TLSv1+TLSv1.1+TLSv1.2
  • SSLVerifyClient = require

Please see the Tomcat Config HTTP SSL Support webpage for more details.
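
The settings above can be checked against a deployed server.xml. The script below is an added example, not part of the original page or of Tomcat: it audits every TLS-enabled Connector against the protocol and cipher lists on this page. The function names and the sample server.xml (including its drifted 9443 connector) are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Policy values taken from the lists on this page.
APPROVED_PROTOCOLS = {"TLSv1", "TLSv1.1", "TLSv1.2"}
APPROVED_CIPHERS = ["AESGCM+EECDH", "AESGCM+EDH", "AES256+EECDH", "AES256+EDH"]

def audit_connector(conn):
    """Return findings for one TLS-enabled <Connector> element."""
    findings = []
    protocols = {p for p in conn.get("SSLProtocol", "").split("+") if p}
    for extra in sorted(protocols - APPROVED_PROTOCOLS):
        findings.append(f"protocol not approved: {extra}")
    for missing in sorted(APPROVED_PROTOCOLS - protocols):
        findings.append(f"protocol not enabled: {missing}")
    # OpenSSL cipher strings may be separated by commas, colons or spaces.
    ciphers = [c for c in re.split(r"[,:\s]+", conn.get("SSLCipherSuite", "")) if c]
    for c in ciphers:
        if c not in APPROVED_CIPHERS:
            findings.append(f"cipher string not approved: {c}")
    for c in APPROVED_CIPHERS:
        if c not in ciphers:
            findings.append(f"cipher string missing: {c}")
    if conn.get("SSLHonorCipherOrder", "").lower() != "true":
        findings.append("SSLHonorCipherOrder is not true")
    if conn.get("SSLVerifyClient", "").lower() != "require":
        findings.append("SSLVerifyClient is not require")
    return findings

def audit_server_xml(xml_text):
    """Map connector port -> findings for every connector with SSLEnabled=true."""
    root = ET.fromstring(xml_text)
    return {c.get("port"): audit_connector(c)
            for c in root.iter("Connector")
            if c.get("SSLEnabled", "").lower() == "true"}

# Constructed sample: port 8443 follows the page, port 9443 drifts from it.
SAMPLE = """<Server><Service name="Catalina">
  <Connector port="8443" SSLEnabled="true"
    SSLProtocol="TLSv1+TLSv1.1+TLSv1.2"
    SSLCipherSuite="AESGCM+EECDH,AESGCM+EDH,AES256+EECDH,AES256+EDH"
    SSLHonorCipherOrder="true" SSLVerifyClient="require"/>
  <Connector port="9443" SSLEnabled="true"
    SSLProtocol="SSLv3+TLSv1+TLSv1.1+TLSv1.2"
    SSLCipherSuite="AESGCM+EECDH,AESGCM+EDH,AES256+EECDH,AES256+EDH,RC4-SHA"
    SSLHonorCipherOrder="true" SSLVerifyClient="optional"/>
</Service></Server>"""

if __name__ == "__main__":
    for port, findings in audit_server_xml(SAMPLE).items():
        print(port, findings or "matches the page's settings")
```

An empty findings list means the connector matches the four settings listed above; a connector without SSLEnabled="true" is skipped.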

Client Certificates (TLSMA)

External Documents / Policy Documents

Name | Author | Version | Updated
Approved Cryptographic Algorithms Good Practice Guidelines | NHS Digital | v4.0 | 13/07/2016
Warranted Environment Specification (WES) | NHS Digital | v1.0 | June 2015