11108: Connectathon TLS Configuration Check

Prerequisite for this test

(1) If you have not yet read the ATNA Testing Resources page, do that before proceeding with this test.

(2) To perform this test, your Connectathon digital certificates must be set up on your system (server and/or client).  Follow the instructions in test 11000  to obtain digital certificate(s) for your test system(s).

Overview of the test

In this test, you will use the Gazelle Security Suite (GSS) tool to verify that you are able to communicate with TLS clients and servers using digital certificates.   In particular, you will ensure that you can configure your test system to make connections using the TLS configuration used during Connectathon week:

  • TLS v1.2
  • TLS_RSA_WITH_AES_128_CBC_SHA cipher
  • digital certificate issued by the GSS tool
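The following added example, which is not part of the GSS tool or the original test instructions, pins a Python `ssl` context to this configuration and probes an endpoint to report what was actually negotiated. `AES128-SHA` is OpenSSL's name for TLS_RSA_WITH_AES_128_CBC_SHA; the function names, command-line arguments and CA file are assumptions.

```python
import socket
import ssl

# OpenSSL's name for the IANA suite TLS_RSA_WITH_AES_128_CBC_SHA.
CONNECTATHON_CIPHER = "AES128-SHA"
CONNECTATHON_VERSION = "TLSv1.2"

def connectathon_context(server_side=False, cafile=None, certfile=None, keyfile=None):
    """Return an SSLContext restricted to TLS 1.2 and the single Connectathon suite."""
    purpose = ssl.PROTOCOL_TLS_SERVER if server_side else ssl.PROTOCOL_TLS_CLIENT
    ctx = ssl.SSLContext(purpose)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.maximum_version = ssl.TLSVersion.TLSv1_2   # also switches TLS 1.3 off
    ctx.set_ciphers(CONNECTATHON_CIPHER)
    if cafile:      # assumed: CA certificate exported from the GSS tool (PEM)
        ctx.load_verify_locations(cafile=cafile)
    if certfile:    # assumed: this system's own GSS-issued certificate and key
        ctx.load_cert_chain(certfile, keyfile)
    return ctx

def enabled_tls12_suites(ctx):
    """List the suites the context can offer, ignoring any TLS 1.3 entries,
    which set_ciphers() does not control."""
    return [c["name"] for c in ctx.get_ciphers() if c["protocol"] != "TLSv1.3"]

def matches_connectathon(version, cipher):
    return version == CONNECTATHON_VERSION and cipher == CONNECTATHON_CIPHER

def probe(host, port, ctx, timeout=10):
    """Handshake with host:port and report what was negotiated."""
    result = {"ok": False, "version": None, "cipher": None, "error": None}
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                result["version"], result["cipher"] = tls.version(), tls.cipher()[0]
                result["ok"] = matches_connectathon(result["version"], result["cipher"])
    except ssl.SSLCertVerificationError as exc:
        result["error"] = "certificate rejected: " + exc.verify_message
    except (ssl.SSLError, OSError) as exc:
        # Typical cause: the peer does not enable TLS 1.2 or the required suite.
        result["error"] = "handshake or connection failed: " + str(exc)
    return result

if __name__ == "__main__":
    import sys  # hypothetical usage: python tls_check.py <host> <port> <gss-ca.pem>
    ctx = connectathon_context(cafile=sys.argv[3] if len(sys.argv) == 4 else None)
    print(enabled_tls12_suites(ctx))
    if len(sys.argv) == 4:
        print(probe(sys.argv[1], int(sys.argv[2]), ctx))
```

A result with `ok` set to false and no error means the handshake completed but with a different protocol version or suite than the Connectathon configuration.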

The GSS tool contains multiple client and server simulators.  The table below identifies which simulators are used in this test.  (Other simulators are used in test 11109).

| Simulator name (keyword) | To be tested by... | Simulator config |
|---|---|---|
| Server RAW TLS 1.2 Connectathon | **All** Connectathon test systems that support client actors (i.e., that initiate transactions using webservices, HL7v2, DICOM, and/or syslog protocols) | TLS 1.2; TLS_RSA_WITH_AES_128_CBC_SHA cipher |
| Client RAW TLS 1.2 Connectathon | **All** Connectathon test systems that support server actors (i.e., that respond to transactions using webservices, HL7v2, DICOM, and/or syslog protocols) | TLS 1.2; TLS_RSA_WITH_AES_128_CBC_SHA cipher |

Log in to the GSS tool

There are separate CAS systems for European and North American Connectathons.  The European CAS is linked to http://gazelle.ihe.net/EU-CAT/ and the North American CAS is linked to https://gazelle.iheusa.org/gazelle-na/.   You will use your username & password from Gazelle Test Management for either the European or NA Connectathon:

  • On the tool home page (http://gazelle.ihe.net/gss) find the "Login" link at the upper right of the page.  
  • Select either "European Authentication" or "North American Authentication"
  • Enter the username and password from either the European or North American instances of Gazelle linked above

Instructions for outbound transactions (Client side is tested)

If your test system (SUT) does not act as a client (i.e., does not initiate any transactions), skip this portion of the test and only test the Server side below.

If your SUT acts as a client, it must be able to reach the TLS server's public IP. You test your client by connecting to the Server Simulators in the Gazelle Security Suite tool.

1. On the home page for the Gazelle Security Suite, select menu TLS/SSL-->Simulators-->Servers to find the list of server simulators. 

2. Select the "Server RAW TLS 1.2 Connectathon" simulator, and then configure your client to connect to that server.

3. Check that the server is started before trying to connect to it. Click on the link for the server you want and look for the status "Running".

4. In your SUT, perform a connection (e.g., send a query) to the test server. You may choose any protocol (HL7v2, webservices, DICOM...). Even when the TLS connection is valid, you will get invalid replies at the transaction level, because only the TLS connection is being checked.

5. You should then get a timestamped entry in the results list at the bottom of the page.   Blue dot means OK, red NOT OK.

6. When you make a successful connection, view the result with the icon in the "Action" column. Copy the Permanent Link (URL) into Gazelle Test Management as the result for pre-Connectathon test 11108. The link must be formatted like https://.../connection.seam?id=...

Instructions for inbound transactions (Server side is tested)

If your test system (SUT) does not act as a server (i.e., does not respond to any transactions initiated by others), skip this portion of the test and only perform the Client test above.

If your SUT acts as a server (i.e. a responder to IHE transactions), your server must be accessible from the outside so that the GSS tool, as a client simulator, can connect to your SUT. 

1. On the home page for the Gazelle Security Suite, select menu TLS/SSL-->Simulators-->Clients to find the list of client simulators. 

2. Select the "Client RAW TLS 1.2 Connectathon" simulator.

3. In the "Start Connection" section of the page, you will have to specify:

  • Client type: protocol supported (you may choose one of HL7, DICOM, WS, SYSLOG, or RAW)
  • Target host: public IP of your server
  • Target port: public port of your server

4. Then click on "Start client".

5. You should then get a time-stamped entry in the results list.   Blue means OK, red NOT OK.

6. When you make a successful connection, view the result with the icon in the "Action" column. Copy the Permanent Link (URL) into Gazelle Test Management as the result for pre-Connectathon test 11108. The link must be formatted like https://.../connection.seam?id=...

Evaluation

The tool reports success or failure for each test you perform. Your test system must demonstrate a successful TLS handshake for the configuration used at the Connectathon.