Any need for a schannel-based TLS layer for DCMTK?

All other questions regarding DCMTK

Moderator: Moderator Team

Post Reply
Message
Author
jogerh
Posts: 37
Joined: Mon, 2022-02-28, 08:55

Any need for a schannel-based TLS layer for DCMTK?

#1 Post by jogerh »

Is there a need for secure communication using SChannel instead of OpenSSL in DCMTK on Windows?

On the Windows platform, the OpenSSL library has two main issues:
1. OpenSSL is incompatible with secure key storage on TPM chips on the Windows platform. Having this capability would improve security in networks with mobile/portable devices that can easily be lost or stolen.
2. Due to its high visibility, OpenSSL has frequent vulnerability reports which requires frequent updates to the software. With fleets of medical devices, modules requiring frequent updates adds a significant cost of maintenance.

In addition, having one less third party dependency to manage reduces complexity of managing the client software.

I can't promise anything here, but if this is something that DCMTK would benefit from, I can have it in the back of my mind. Please let me know what you think.

Thank you,
Jøger Hansegård

Marco Eichelberg
OFFIS DICOM Team
OFFIS DICOM Team
Posts: 1437
Joined: Tue, 2004-11-02, 17:22
Location: Oldenburg, Germany
Contact:

Re: Any need for a schannel-based TLS layer for DCMTK?

#2 Post by Marco Eichelberg »

Well, this is a question that should be answered by the DCMTK users, not by the developers. If there is a perceived value in adding support for this alternative TLS implementation, this would certainly be technically feasible. We already support OpenSSL and LibreSSL in various incompatible versions, although that is arguably easier than porting to Microsoft's <schannel.h>, which uses a totally different API.

tbraunjones
Posts: 5
Joined: Wed, 2023-03-08, 09:30

Re: Any need for a schannel-based TLS layer for DCMTK?

#3 Post by tbraunjones »

Yes, we would be interested in this for exactly the reasons you outlined!

Post Reply

Who is online

Users browsing this forum: Bing [Bot], Google [Bot] and 1 guest