Stream: IG creation
Topic: SSL Handshake error
Patrick Werner (Nov 13 2019 at 15:49):
When using: ./_genUpdatePublisher.sh
I recently get a javax.net.ssl.SSLHandshakeException: Remote host terminated the handshake
Exception.
After debugging the issue for a while I came to the conclusion that the cause of this is the hl7.org server only supporting legacy SSL/TLS protocols: https://www.ssllabs.com/ssltest/analyze.html?d=hl7.org (the server is in a really horrible state)
Would it be possible to enable TLS1.2/1.3 with proper ciphers on this server? Or does anyone know how to enable support for these legacy protocols in ANT with Java 11.0.2? (-Djdk.tls.client.protocols=TLSv1 didn't work)
Patrick Werner (Nov 13 2019 at 15:49):
adding @James Jones as he got the same problem
Kevin Power (Nov 13 2019 at 16:25):
Perhaps @David Johnson might want to weigh in on the hl7.org side of things?
Grahame Grieve (Nov 13 2019 at 20:27):
DJ is working hard to upgrade the server - he's been working on it for months
Grahame Grieve (Nov 13 2019 at 20:28):
I don't know why you are even doing that.
Patrick Werner (Nov 13 2019 at 20:45):
why am I doing what? I want to build our IG with the latest IG, therefore I need to call the genUpdatePublisher Script to trigger the ant task upgrading the publisher. This fails because of the SSL Handshake connection.
Grahame Grieve (Nov 13 2019 at 20:49):
but what has that got to do with hl7.org? and why use SSL?
Kevin Power (Nov 13 2019 at 21:06):
It sounds like he is simply building the Genomics Reporting IG, and the run of the publisher is producing that error - and something he saw led him to believe something was hitting hl7.org to cause the problem? FWIW - I don't see this error locally when I build it. And it doesn't happen in the auto-build either.
Grahame Grieve (Nov 13 2019 at 21:09):
I don't think that the publisher hits https:// on hl7.org
David Johnson (Nov 13 2019 at 21:10):
Quick weigh-in! I'm going to announce in the next couple of days that the server will be moved on 11/22 at 3 pm. There will be some downtime that day, and fixes happening over the weekend as necessary. I am staying home over US Thanksgiving holiday to be close to the machine. This must happen as most browsers are dropping support for anything less than TLS 1.2 come Jan 2020. That's what's happening here. Thanks!
Kevin Power (Nov 13 2019 at 21:13):
I'm not sure what @Patrick Werner saw that made him think hl7.org was the problem.
Patrick Werner (Nov 14 2019 at 14:33):
thanks @David Johnson for the heads up.
Patrick Werner (Nov 14 2019 at 14:35):
I now found the cause. In @Lloyd McKenzie's IG Publisher Framework the URL for the schemas is read from a properties.txt file. This file included the line: fhirspec=https://hl7.org/fhir/, switching it to http resolved the issue. @James Jones
Last updated: Apr 12 2022 at 19:14 UTC