Message Engine Overview - Message Engine - Foundation 23.1 - OnBase

Hyland Message Engine

Platform: OnBase
Product: Message Engine
Release: Foundation 23.1
License: Standard, Premier

The Hyland Message Engine is a service for forwarding TCP traffic securely between two instances of the Message Engine. The two Message Engine instances act as a bridge between local and remote systems, for example HL7 sending systems and listeners, forming connections used to pass data over the Internet between the systems.

The TCP traffic is encrypted by the Message Engine as it is transmitted, and decrypted by the corresponding Message Engine on reception. Connections between Message Engine instances are secured by TLS encryption and mutual authentication using X.509 certificates.

Note:

The minimum supported TLS version is TLS 1.3. This needs to be set through Windows, using the MinimumTlsVersion key in the NT service settings.json file.

Message Engine connections are protected using the cipher suite, hash algorithm, and key exchange for TLS, the choice of which is deferred to the OS. The exact cipher used is determined in the handshake between client and server, as per the TLS standard. Microsoft maintains a default ordered list of enabled algorithms, which can be modified by Group Policy. The cipher suite selected is the first item shared by both the client and server. If there are no matches, the handshake fails and no connection is established.
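To check which TLS 1.3 cipher suites a Windows host has enabled, and which suite two Message Engine hosts would agree on, a check like the following can be run on each side. It is an added example, not Hyland code: the function names and the peer list are hypothetical, and it assumes the server's list order decides the selection.

```powershell
# Added example (not Hyland code). Function names are hypothetical.
$Tls13 = 0x0304   # TLS 1.3 protocol version (772) as reported in .Protocols

function Get-Tls13SuiteOrder {
    # Enabled cipher suites usable with TLS 1.3, in the order the OS lists them.
    Get-TlsCipherSuite |
        Where-Object { $_.Protocols -contains $Tls13 } |
        ForEach-Object { $_.Name }
}

function Test-CipherSuitePolicy {
    # True when the "SSL Cipher Suite Order" Group Policy has written a list.
    $key = 'HKLM:\SOFTWARE\Policies\Microsoft\Cryptography\Configuration\SSL\00010002'
    $p = Get-ItemProperty -Path $key -Name Functions -ErrorAction SilentlyContinue
    [bool]($p -and $p.Functions)
}

function Find-SharedSuite {
    param([string[]]$ServerOrder, [string[]]$ClientOrder)
    # Assumption: the server's list order decides which shared suite is picked.
    foreach ($suite in $ServerOrder) {
        if ($ClientOrder -contains $suite) { return $suite }
    }
    return $null   # no overlap: the handshake would fail
}

$hostSuites = @(Get-Tls13SuiteOrder)
"Group Policy cipher order configured: $(Test-CipherSuitePolicy)"
if ($hostSuites.Count -eq 0) {
    Write-Warning 'No TLS 1.3 cipher suite is enabled; a TLS 1.3-only connection cannot be established.'
}

# Constructed sample: the list exported from the peer host with Get-Tls13SuiteOrder.
$peerSuites = @('TLS_AES_128_GCM_SHA256')

$pick = Find-SharedSuite -ServerOrder $hostSuites -ClientOrder $peerSuites
if ($pick) {
    "Expected suite with this host as server: $pick"
} else {
    Write-Warning 'No shared TLS 1.3 cipher suite with the peer.'
}
```

Replace the constructed `$peerSuites` value with the output of `Get-Tls13SuiteOrder` from the other Message Engine host before relying on the result.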

See the following for descriptions of the different types of connections the Message Engine uses to pass traffic between systems: