Search found 17 matches

by amal.jesudas
Mon, 2021-04-12, 10:27
Forum: DCMTK - General
Topic: TLS v1.3 support issue
Replies: 5
Views: 119

Re: TLS v1.3 support issue

Normally there should not be the need to limit the TLS version. The TLS versions and ciphersuites negotiated are defined in profiles in DICOM part 15. You select a profile and DCMTK will do the right thing. The "Extended BCP 195 TLS Profile" will only negotiate TLS 1.2, whereas the default "BCP 195...
by amal.jesudas
Wed, 2021-04-07, 08:34
Forum: DCMTK - General
Topic: TLS v1.3 support issue
Replies: 5
Views: 119

Re: TLS version support

Just as a note to help people facing similar issues due to TLSv1.3 support, the above proposed solution works. I modified tlslayer.cc to add a new API to set max proto version. In our case, we set max proto version directly to TLS1_2_VERSION instead of passing as parmeter to API. DcmTransportLayerSt...
by amal.jesudas
Thu, 2021-04-01, 08:31
Forum: DCMTK - General
Topic: TLS v1.3 support issue
Replies: 5
Views: 119

Re: TLS version support

Does this commit (from May 2019) solve your issue? Hi Jörg, I was just scrolling through the commit you mentioned. As per initial impression the flag "tls13_enabled" could do the trick for us. In tlslayer.cc, SSL_CTX_set_max_proto_version() API is called to set TLSv1.2 as maximum version if tls13_e...
by amal.jesudas
Mon, 2021-03-29, 09:08
Forum: DCMTK - General
Topic: TLS v1.3 support issue
Replies: 5
Views: 119

TLS v1.3 support issue

Hi, Recently I observed a case where TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 was set at the client side (SCU) but the client hello message listed below cipher suites: TLS_AES_256_GCM_SHA384 TLS_CHACHA20_POLY1305_SHA256 TLS_AES_128_GCM_SHA256 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 This occurred when the...
by amal.jesudas
Tue, 2020-05-05, 13:07
Forum: DCMTK - General
Topic: EXTENDED BCP195 TLS PROFILE
Replies: 2
Views: 750

Re: EXTENDED BCP195 TLS PROFILE

Thanks Marco for clarifying the same.

Regards,
Amal
by amal.jesudas
Wed, 2020-04-22, 15:18
Forum: DCMTK - General
Topic: EXTENDED BCP195 TLS PROFILE
Replies: 2
Views: 750

EXTENDED BCP195 TLS PROFILE

Hi, We are planning to upgrade our current dcmtk version to latest 3.6.5. However while checking the TLS related implementations, it was seen that 3.6.5 supports EXTENDED BCP195 TLS PROFILE. But, not all ciphers suites mentioned in DICOM Sup 206 is seen to be supported. https://www.dicomstandard.org...
by amal.jesudas
Thu, 2018-04-05, 12:36
Forum: DCMTK - General
Topic: DCMTK SECURITY PROFILE SUPPORT STD-GEN-SEC-DVD-RAM
Replies: 0
Views: 1853

DCMTK SECURITY PROFILE SUPPORT STD-GEN-SEC-DVD-RAM

Hi, I am currently using dcmtk 3.6.2. Recently I got a requirement to support security profiles STD-GEN-SEC-DVD-RAM and STD-GEN-SEC-CD. But dcmtk seems not to be supporting these security versions for the same. Although dcmtk supports following profiles with out security: STD-GEN-CD and STD-GEN-DVD-...
by amal.jesudas
Thu, 2018-03-29, 10:32
Forum: DCMTK - General
Topic: dcmtk print scp support
Replies: 0
Views: 1797

dcmtk print scp support

Hi All, I was checking how to set up a print scp using dcmtk tools. On trying to check a basic print scp set up with dcmprscp, I ran into a database related error, the details are added below: D:\dcmtk\bin\Release>dcmprscp -v -c dcmpstat.cfg -p IHEFULL W: $dcmtk: dcmprscp v3.6.2 2017-07-14 $ W: 2018...
by amal.jesudas
Wed, 2018-02-21, 21:38
Forum: DCMTK - General
Topic: DICOM Encryption.
Replies: 4
Views: 3093

Re: DICOM Encryption.

Hi, in DICOM TLS is used for secure transmission over the network. In DCMTK, the dcmtls module implements TLS for DICOM (using OpenSSL for the TLS functionality). The tools storescu and storescu from the dcmnet module can be used for testing, if DCMTK is compiled with OpenSSL support. Best, Michael...
by amal.jesudas
Mon, 2018-02-19, 20:02
Forum: DCMTK - General
Topic: Open SSL Cipher Suites
Replies: 10
Views: 4115

Re: Open SSL Cipher Suites

Well, at this point you'll probably have to check things with the debugger. I noticed that the new cipher suites you refer to are TLSv1.2 suites. You should probably check which TLS version is proposed by the client, and which version(s) the server is willing to accept. The error code "unspecified ...
by amal.jesudas
Fri, 2018-02-16, 03:22
Forum: DCMTK - General
Topic: Open SSL Cipher Suites
Replies: 10
Views: 4115

Re: Open SSL Cipher Suites

In order to add support for a specific TLS ciphersuite in DCMTK, you have to do the following: Make sure that the ciphersuite is supported in the OpenSSL library you compile against (e.g. OpenSSL 1.1.0 needs to be compiled with specific flags to enable 3DES) Add the ciphersuite to the list of known...
by amal.jesudas
Fri, 2018-02-16, 02:29
Forum: DCMTK - General
Topic: Open SSL Cipher Suites
Replies: 10
Views: 4115

Re: Open SSL Cipher Suites

To the OP: DICOM Supplement 204 (currently being Letter Ballot ) will introduced exactly these four cipher suites as part of the new "Non-Downgrading BCP195 TLS Profile". Implementing support for it is already on our to-do list . Hi Jörg, Thanks for the info. So once in place, - Best Practices TLS ...
by amal.jesudas
Mon, 2018-02-12, 21:41
Forum: DCMTK - General
Topic: Open SSL Cipher Suites
Replies: 10
Views: 4115

Re: Open SSL Cipher Suites

I only have a few general remarks: Make sure that the desired ciphersuites are supported by your OpenSSL version (check with "openssl ciphers -v"). If they are not supported, check whether a newer version supports them or whether you need to enable them by some switch. If you add new ciphersuites t...
by amal.jesudas
Mon, 2018-02-12, 20:19
Forum: DCMTK - General
Topic: Open SSL Cipher Suites
Replies: 10
Views: 4115

Re: Open SSL Cipher Suites

I want to test cipher suite support for a DICOM server for the following cipher suites: TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 As a start I tried to check support for these using dcmtk binar...
by amal.jesudas
Mon, 2018-02-12, 20:18
Forum: DCMTK - Installation
Topic: DCMTK on visual studio 2017 with ssl
Replies: 15
Views: 13436

Re: DCMTK on visual studio 2017 with ssl

Hi, I have one question about the binaries you supplied. When we use the OpenSSL binaries under Windows compiled by Offis (that one supplied using the link in this posting), the cipher suite “TLS_RSA_WITH_3DES_EDE_CBC_SHA” (defined as "DES-CBC3-SHA" in OpenSSL) is not supported (and this just happe...