Enterprise Upgrade: TLS and SHA-2
eHealth Ontario will be undertaking some important changes over the next 12 months to ensure that its services continue to operate securely and provide value to its clients and users. may be impacted by one or both of these changes, and may be required to system in advance of these changes.
TLS Upgrade (1.1/1.2)
Transport Layer Security (TLS) is a cryptographic protocol used for secure connections between browsers and a computer network. The TLS protocol provides private and reliable communication between a client application (i.e. web browser) and a server-hosted application (i.e. Portal/ONE ID). eHealth Ontario will be upgrading to the TLS 1.1 and 1.2 encryption standard for increased security. Those users who currently connect using a browser and/or operating system incompatible with TLS 1.1 or 1.2 may need to upgrade in advance to maintain connectivity. The minimum standard for compatibility is summarized in the table and can also be found here: https://en.wikipedia.org/wiki/Template:TLS/SSL_support_history_of_web_browsers
Public Key Infrastructure SHA-2 Upgrade
Public Key Infrastructure (PKI) is a system of hardware, software and processes that are used to protect system-to-system communication through the use of digital certificates. To further enhance the security of eHealth Ontario’s communication with user and contributor systems, we will be upgrading our Public Key Infrastructure (PKI) to Secure Hash Algorithm Level 2 (SHA-2). If your organization has been issued a PKI certificate for system-to-system authentication (i.e. OLIS data contribution, ONE Mail) you will need to install a new SHA-2 compliant certificate (to be supplied by eHealth Ontario) to required desktop machines and servers.
eHealth Ontario will continue to contact you with regular progress updates regarding these changes. If you have any questions, please contact the eHealth Ontario Service Desk by email at email@example.com or by phone at 1-866-250-1554.
In order to maintain secure access, your organization will need to ensure that your client and server operating systems meet the minimum standards summarized in the table appended below: