
=============================================================================
Run Date: AUG 24, 2020                     Designation: XOBW*1*6
Package : XOBW - WEB SERVICES CLIENT          Priority: Mandatory
Version : 1         SEQ #5                      Status: Released
                  Compliance Date: SEP 24, 2020
=============================================================================

Associated patches: (v)XOBW*1*4    <<= must be installed BEFORE `XOBW*1*6'

Subject: TLSv1.2 SSL/TLS CONFIGURATION

Category: 
  - Informational
  - Other

Description:
============

 **************************************************************************
   This informational patch involves modifications using the Cache 
   Management Portal. This TLS/SSL configuration must be installed in all
   nodes, both front-end server nodes and database server nodes.
 **************************************************************************
  
 As the VA and VistA applications make additional usage of web services 
 there is a need to move towards more modern secure communication
 protocols.
  
 The instructions in this patch will introduce a new Secure Sockets Layer (SSL)/
 Transport Layer Security (TLS) configuration by the name of 
 'encrypt_only_tlsv12' that can be utilized by any application with a 
 HealtheVet Web Services Client (HWSC) Web Server. This new configuration will 
 use the TLSv1.2 protocol.
  
 Associated task:
 ================
 1218690: HealtheVet Webservice client
  
 Instructions:
 ============
 *** The migration to Cache 2017 must be completed prior to installing this
 patch. ***
  
 The following tasks must be completed by a Cache Systems Manager with the 
 %Manager ROLE.
  
 Cache 2017 Management Portal:
  
   1. As a System Manager open the Cache Management Portal
   2. Navigate to System Administration -> Security -> SSL/TLS 
      Configurations
   3. Select the "Create New Configuration" button on in the SSL/TLS 
      Configurations web page.
   4. Create the new configuration; setting the following information into 
      the form.
   
        a. Configuration Name:       encrypt_only_tlsv12
        b. Description:              XOBW*1.0*6
        c. Enabled:                  Checked
        d. Type:                     Client
        e. Peer certificate verification level: None
        f. Private key type:         RSA
        g. Password:                 Leave as is
        h. Protocols:
            A. SSLv3:                Un-Checked
            B. TLSv1.0:              Un-Checked
            B. TLSv1.1:              Un-Checked
            C. TLSv1.2:              Checked
        i. Enabled ciphersuites:     ALL:!aNULL:!eNULL:!EXP:!SSLv2
  
 Note: This TLS/SSL configuration must be installed in all nodes, both 
 front-end server nodes and database server nodes.
  
 Additional Information:
  
 TLS/SSL Configurations:
 -----------------------
 Configuration name: encrypt_only_tlsv12
  
 Test Sites:
 -----------
 VA Pittsburgh Healthcare System
 Madison - William S. Middleton Memorial Veterans Hospital
  
  
 Software and Documentation Retrieval Instructions:
 ---------------------------------------------------- 
 This release includes software files. They can be obtained at 
 location: /srv/vista/patches/SOFTWARE
 the software files can also be obtained by accessing
 the URL: https://download.vista.domain.ext/index.html/SOFTWARE
  
 File Title                                     File Name
 --------------------------------------------------------------------------
 Patch XOBW*1.0*6 Deployment, Installation,     XOBW_1_0_P6_DIBR.PDF
 Back-Out, and Rollback Guide
  
 Documentation describing the new functionality is included in this 
 release. Documentation can be found on the VA Software Documentation 
 Library at: https://www.domain.ext/vdl/. Documentation can also be 
 obtained at https://download.vista.domain.ext/index.html/SOFTWARE 
  
 Title                                           File Name
 ==========================================================================
 Patch XOBW*1.0*6 Deployment, Installation,      XOBW_1_0_P6_DIBR.PDF
 Back-Out, and Rollback Guide
  
 Host File Name                           FTP Mode 
 --------------------------------------------------------------------- 
 N/A
  
  
 Installation Instructions:
 --------------------------
 See The HealtheVet Web Services Client (HWSC):Patch XOBW*1.0*6 
 Deployment, Installation, Back-Out, and Rollback Guide, 
 XOBW_1_0_P6_DIBR.PDF.
  
  
 Back-Out/Roll Back Plan: 
 ------------------------
 Refer to installation guide XOBW_1_0_P6_DIBR.PDF for information on how 
 to back-out the patch.

Routine Information:
====================
No routines included.

=============================================================================
User Information:
Entered By  :                               Date Entered  : JAN 27, 2020
Completed By:                               Date Completed: AUG 20, 2020
Released By :                               Date Released : AUG 24, 2020
=============================================================================


Packman Mail Message:
=====================

No routines included