Details of the API security model and supported protocols.

Transport Layer Security (TLS) Protocol

After consultation with the Infrastructure Security, Operational Security and Spine DDC teams, the TLSv1.2 protocol SHALL be supported.

Supported Ciphers

After consultation with the Infrastructure Security, Operational Security and Spine DDC teams, the following SSL ciphers SHALL be supported.

  • AESGCM+EECDH
  • AESGCM+EDH
  • AES256+EECDH
  • AES256+EDH

1 DigiCert - SSL Support Enabling Perfect Forward Secrecy

Tomcat OpenSSL Support Using The APR/Native Provider

  • SSLCipherSuite = AESGCM+EECDH,AESGCM+EDH,AES256+EECDH,AES256+EDH
  • SSLHonorCipherOrder = true
  • SSLProtocol = TLSv1.2
  • SSLVerifyClient = require

Please see the Tomcat Config HTTP SSL Support webpage for more details.
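The following is an added example, not part of the original specification or of Tomcat: a Python check that a negotiated protocol and OpenSSL cipher name fall within the cipher list and protocol above, plus a helper that lists the concrete suites the local OpenSSL build derives from that list. The endpoint names and observed values in SAMPLE are constructed, and the name-based matching assumes OpenSSL's standard cipher naming.

```python
import ssl

# The page's cipher list in OpenSSL colon-separated form, and its required protocol.
POLICY = "AESGCM+EECDH:AESGCM+EDH:AES256+EECDH:AES256+EDH"
REQUIRED_PROTOCOL = "TLSv1.2"

def complies(protocol, cipher_name):
    """True if a negotiated (protocol, OpenSSL cipher name) pair fits the policy."""
    if protocol != REQUIRED_PROTOCOL:
        return False
    parts = cipher_name.split("-")
    # EECDH / EDH mean authenticated ephemeral (EC)DH; static RSA, anonymous
    # (ADH/AECDH) and PSK key exchange fall outside the list.
    if parts[0] not in ("ECDHE", "DHE") or "PSK" in parts:
        return False
    aes_gcm = "GCM" in parts and any(p.startswith("AES") for p in parts)
    return aes_gcm or "AES256" in parts

def audit(observations):
    """Return the (endpoint, protocol, cipher) rows that violate the policy."""
    return [row for row in observations if not complies(row[1], row[2])]

def expand_policy():
    """Concrete TLSv1.2-and-earlier suites the local OpenSSL derives from POLICY."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.set_ciphers(POLICY)
    # TLS 1.3 suites (names starting "TLS_") are configured separately; skip them.
    return [c["name"] for c in ctx.get_ciphers() if not c["name"].startswith("TLS_")]

# Constructed sample: values as reported by SSLSocket.version() and
# SSLSocket.cipher()[0] after a handshake with each (hypothetical) endpoint.
SAMPLE = [
    ("api-a.example", "TLSv1.2", "ECDHE-RSA-AES128-GCM-SHA256"),  # AESGCM+EECDH
    ("api-b.example", "TLSv1.2", "DHE-RSA-AES256-SHA256"),        # AES256+EDH
    ("api-c.example", "TLSv1.2", "AES256-GCM-SHA384"),            # static RSA, no PFS
    ("api-d.example", "TLSv1.1", "ECDHE-RSA-AES256-SHA"),         # wrong protocol
    ("api-e.example", "TLSv1.2", "ECDHE-RSA-AES128-SHA256"),      # AES128 without GCM
]

if __name__ == "__main__":
    for row in audit(SAMPLE):
        print("NON-COMPLIANT", row)
    print("Suites admitted by the policy on this OpenSSL build:")
    for name in expand_policy():
        print("  ", name)
```

Running the expansion on the server's own OpenSSL build shows which suites the Tomcat SSLCipherSuite value will actually offer there.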

External Documents / Policy Documents

| Name | Author | Version | Updated |
|------|--------|---------|---------|
| Approved Cryptographic Algorithms Good Practice Guidelines | NHS Digital | v4.0 | 13/07/2016 |
| Warranted Environment Specification (WES) | NHS Digital | v1.0 | June 2015 |