Did the open sandbox TLS configuration recently change?
I am now getting TLS handshake errors, last successful connection was Feb 22nd (detail below)
What I've done:
- I am able to successfully connect using curl and Postman from the same machine.
- Can replicate from app running different hardware on separate network.
- Updating my application TLS config to use the cipher options used by curl.
- Confirmed cipher selected from curl handshake is present in my app Client Hello.
- Turned
off all versions of SSL and TLSv1.0 (from the FAQ:
http://fhir.cerner.com/millennium/faq/common-issues/#tls-configuration)
There is no detail in the error returned by the sandbox, just "handshake failure".
The
significant Client Hello differences between the successful curl and
failed app call are in the "Extensions". Is there a TLS extension my
application will need to now include/omit to ensure a successful
handhake?
Detail:
Thanks,
Mike