DCMTK on visual studio 2017 with ssl

Compilation and installation of DCMTK

Moderator: Moderator Team

Message
Author
ionut.vaida
Posts: 24
Joined: Fri, 2016-12-02, 09:51

DCMTK on visual studio 2017 with ssl

#1 Post by ionut.vaida »

Hello,
I tried to make dcmtk for visual studio 2017. Library is compiling fine if i didn't use ssl library.
I want to use ssl and i need to recompile openssl. I recompile openssl but in bin dir it makes libcrypto-1_1.dll and libssl-1_1.dll.
In dcmtk precompiled library in bin directory is dcmtkeay.dll and dcmtkssl.dll.
What i need to do? to rename libcrypto-1_1.dll -> dcmtkeay.dll and libssl-1_1.dll ->dcmtkssl.dll ?

thanks

Jan Schlamelcher
OFFIS DICOM Team
OFFIS DICOM Team
Posts: 318
Joined: Mon, 2014-03-03, 09:51
Location: Oldenburg, Germany

Re: DCMTK on visual studio 2017 with ssl

#2 Post by Jan Schlamelcher »

It is appropriate to try that on the first of April, since compiling OpenSSL under Windows seems like an April fools joke (a bad one). We have a page in our internal Wiki that a colleague wrote when he figured out how to build OpenSSL for Windows. I could provide it as a PDF, it is in German though. Alternatively, you may give LibreSSL a try.

ionut.vaida
Posts: 24
Joined: Fri, 2016-12-02, 09:51

Re: DCMTK on visual studio 2017 with ssl

#3 Post by ionut.vaida »

Thank,
Can you provide me that pdf at email adress redacted?
Thanks

Jan Schlamelcher
OFFIS DICOM Team
OFFIS DICOM Team
Posts: 318
Joined: Mon, 2014-03-03, 09:51
Location: Oldenburg, Germany

Re: DCMTK on visual studio 2017 with ssl

#4 Post by Jan Schlamelcher »

I've just sent it to your email address.

marco.kemper
Posts: 6
Joined: Wed, 2017-06-14, 11:00

Re: DCMTK on visual studio 2017 with ssl

#5 Post by marco.kemper »

Hi,

could you also send me this pdf, as my colleague is also trying to make this work using openssl and dcmtk 3.6.2?

Thanks in advance,
Marco Kemper
ict.nl

Jan Schlamelcher
OFFIS DICOM Team
OFFIS DICOM Team
Posts: 318
Joined: Mon, 2014-03-03, 09:51
Location: Oldenburg, Germany

Re: DCMTK on visual studio 2017 with ssl

#6 Post by Jan Schlamelcher »

Please note that the tutorial does not really apply for newer versions of OpenSSL (but can still be used to get some ideas).

marco.kemper
Posts: 6
Joined: Wed, 2017-06-14, 11:00

Re: DCMTK on visual studio 2017 with ssl

#7 Post by marco.kemper »

Hi Jan,

thanks for the clarification, will let you know whether it works when we start with the security story in our project.

With kind regards,
Marco

Jan Schlamelcher
OFFIS DICOM Team
OFFIS DICOM Team
Posts: 318
Joined: Mon, 2014-03-03, 09:51
Location: Oldenburg, Germany

Re: DCMTK on visual studio 2017 with ssl

#8 Post by Jan Schlamelcher »

Btw, you saw these, right? Did we miss to create binaries for your specific Compiler/Settings? If so, I might be able to add them (the files are auto generated using a script; I'm also thinking about making the script public but it would need some polishing first).

marco.kemper
Posts: 6
Joined: Wed, 2017-06-14, 11:00

Re: DCMTK on visual studio 2017 with ssl

#9 Post by marco.kemper »

Hi Jan,

sorry for the late reply
We did not know about these binaries, so your reply did help us, thanks!
We are now using one of the versions of the libs and header files (so no need for another version), that has saved us time.

With kind regards,
Marco

marco.kemper
Posts: 6
Joined: Wed, 2017-06-14, 11:00

Re: DCMTK on visual studio 2017 with ssl

#10 Post by marco.kemper »

Hi,

I have one question about the binaries you supplied.
When we use the OpenSSL binaries under Windows compiled by Offis (that one supplied using the link in this posting), the cipher suite “TLS_RSA_WITH_3DES_EDE_CBC_SHA” (defined as "DES-CBC3-SHA" in OpenSSL) is not supported (and this just happens to be the one we need for the DICOM secure profile). This is supported when we use the source code of the same version of DCMTK/OpenSSL under Ubuntu.

Any ideas why?
See below for what the openssl executable reports under Windows and Ubuntu.

Regards,
Marco Kemper

----------------------

Supported cipher suites by OpenSLL executable under Windows:
ECDHE-ECDSA-AES256-GCM-SHA384
ECDHE-RSA-AES256-GCM-SHA384
DHE-RSA-AES256-GCM-SHA384
ECDHE-ECDSA-CHACHA20-POLY1305
ECDHE-RSA-CHACHA20-POLY1305
DHE-RSA-CHACHA20-POLY1305
ECDHE-ECDSA-AES128-GCM-SHA256
ECDHE-RSA-AES128-GCM-SHA256
DHE-RSA-AES128-GCM-SHA256
ECDHE-ECDSA-AES256-SHA384
ECDHE-RSA-AES256-SHA384
DHE-RSA-AES256-SHA256
ECDHE-ECDSA-AES128-SHA256
ECDHE-RSA-AES128-SHA256
DHE-RSA-AES128-SHA256
ECDHE-ECDSA-AES256-SHA
ECDHE-RSA-AES256-SHA
DHE-RSA-AES256-SHA
ECDHE-ECDSA-AES128-SHA
ECDHE-RSA-AES128-SHA
DHE-RSA-AES128-SHA
RSA-PSK-AES256-GCM-SHA384
DHE-PSK-AES256-GCM-SHA384
RSA-PSK-CHACHA20-POLY1305
DHE-PSK-CHACHA20-POLY1305
ECDHE-PSK-CHACHA20-POLY1305
AES256-GCM-SHA384
PSK-AES256-GCM-SHA384
PSK-CHACHA20-POLY1305
RSA-PSK-AES128-GCM-SHA256
DHE-PSK-AES128-GCM-SHA256
AES128-GCM-SHA256
PSK-AES128-GCM-SHA256
AES256-SHA256
AES128-SHA256
ECDHE-PSK-AES256-CBC-SHA384
ECDHE-PSK-AES256-CBC-SHA
SRP-RSA-AES-256-CBC-SHA
SRP-AES-256-CBC-SHA
RSA-PSK-AES256-CBC-SHA384
DHE-PSK-AES256-CBC-SHA384
RSA-PSK-AES256-CBC-SHA
DHE-PSK-AES256-CBC-SHA
AES256-SHA
PSK-AES256-CBC-SHA384
PSK-AES256-CBC-SHA
ECDHE-PSK-AES128-CBC-SHA256
ECDHE-PSK-AES128-CBC-SHA
SRP-RSA-AES-128-CBC-SHA
SRP-AES-128-CBC-SHA
RSA-PSK-AES128-CBC-SHA256
DHE-PSK-AES128-CBC-SHA256
RSA-PSK-AES128-CBC-SHA
DHE-PSK-AES128-CBC-SHA
AES128-SHA
PSK-AES128-CBC-SHA256
PSK-AES128-CBC-SHA


Supported cipher suites by OpenSLL executable under Ubuntu:
ECDHE-RSA-AES256-GCM-SHA384
ECDHE-ECDSA-AES256-GCM-SHA384
ECDHE-RSA-AES256-SHA384
ECDHE-ECDSA-AES256-SHA384
ECDHE-RSA-AES256-SHA
ECDHE-ECDSA-AES256-SHA
SRP-DSS-AES-256-CBC-SHA
SRP-RSA-AES-256-CBC-SHA
SRP-AES-256-CBC-SHA
DHE-DSS-AES256-GCM-SHA384
DHE-RSA-AES256-GCM-SHA384
DHE-RSA-AES256-SHA256
DHE-DSS-AES256-SHA256
DHE-RSA-AES256-SHA
DHE-DSS-AES256-SHA
DHE-RSA-CAMELLIA256-SHA
DHE-DSS-CAMELLIA256-SHA
ECDH-RSA-AES256-GCM-SHA384
ECDH-ECDSA-AES256-GCM-SHA384
ECDH-RSA-AES256-SHA384
ECDH-ECDSA-AES256-SHA384
ECDH-RSA-AES256-SHA
ECDH-ECDSA-AES256-SHA
AES256-GCM-SHA384
AES256-SHA256
AES256-SHA
CAMELLIA256-SHA
PSK-AES256-CBC-SHA
ECDHE-RSA-DES-CBC3-SHA
ECDHE-ECDSA-DES-CBC3-SHA
SRP-DSS-3DES-EDE-CBC-SHA
SRP-RSA-3DES-EDE-CBC-SHA
SRP-3DES-EDE-CBC-SHA
EDH-RSA-DES-CBC3-SHA
EDH-DSS-DES-CBC3-SHA
ECDH-RSA-DES-CBC3-SHA
ECDH-ECDSA-DES-CBC3-SHA
DES-CBC3-SHA
PSK-3DES-EDE-CBC-SHA
ECDHE-RSA-AES128-GCM-SHA256
ECDHE-ECDSA-AES128-GCM-SHA256
ECDHE-RSA-AES128-SHA256
ECDHE-ECDSA-AES128-SHA256
ECDHE-RSA-AES128-SHA
ECDHE-ECDSA-AES128-SHA
SRP-DSS-AES-128-CBC-SHA
SRP-RSA-AES-128-CBC-SHA
SRP-AES-128-CBC-SHA
DHE-DSS-AES128-GCM-SHA256
DHE-RSA-AES128-GCM-SHA256
DHE-RSA-AES128-SHA256
DHE-DSS-AES128-SHA256
DHE-RSA-AES128-SHA
DHE-DSS-AES128-SHA
DHE-RSA-SEED-SHA
DHE-DSS-SEED-SHA
DHE-RSA-CAMELLIA128-SHA
DHE-DSS-CAMELLIA128-SHA
ECDH-RSA-AES128-GCM-SHA256
ECDH-ECDSA-AES128-GCM-SHA256
ECDH-RSA-AES128-SHA256
ECDH-ECDSA-AES128-SHA256
ECDH-RSA-AES128-SHA
ECDH-ECDSA-AES128-SHA
AES128-GCM-SHA256
AES128-SHA256
AES128-SHA
SEED-SHA
CAMELLIA128-SHA
PSK-AES128-CBC-SHA
ECDHE-RSA-RC4-SHA
ECDHE-ECDSA-RC4-SHA
ECDH-RSA-RC4-SHA
ECDH-ECDSA-RC4-SHA
RC4-SHA
RC4-MD5
PSK-RC4-SHA
EDH-RSA-DES-CBC-SHA
EDH-DSS-DES-CBC-SHA
DES-CBC-SHA

marco.kemper
Posts: 6
Joined: Wed, 2017-06-14, 11:00

Re: DCMTK on visual studio 2017 with ssl

#11 Post by marco.kemper »

Hi,

already found out what was happening, when using the same version of the OpenSSL library (1.1.0f) under Ubuntu, the cipher suite “TLS_RSA_WITH_3DES_EDE_CBC_SHA” was also not supported anymore.

Meaning that to be able to support a DICOM security profile, you may need to use an older version of OpenSSL.

With kind regards,
Marco

Michael Onken
DCMTK Developer
Posts: 2048
Joined: Fri, 2004-11-05, 13:47
Location: Oldenburg, Germany
Contact:

Re: DCMTK on visual studio 2017 with ssl

#12 Post by Michael Onken »

Hi,

I think using an old OpenSSL version is not a good idea. Is it possible to configure OpenSSL during build? Did you try/check LibreSSL?

Best,
Michael

Marco Eichelberg
OFFIS DICOM Team
OFFIS DICOM Team
Posts: 1437
Joined: Tue, 2004-11-02, 17:22
Location: Oldenburg, Germany
Contact:

Re: DCMTK on visual studio 2017 with ssl

#13 Post by Marco Eichelberg »

The following post https://www.openssl.org/blog/blog/2016/08/24/sweet32/ explains the issue: Starting with OpenSSL 1.1.0, support for the 3DES ciphers is disabled by default.
OpenSSL has to be configured with the “enable-weak-ssl-ciphers” option before compiling to re-active 3DES support. I guess we should provide updated DCMTK TLS binaries that have support for 3DES enabled, because as you correctly mention this is still used in the DICOM basic secure profile.

marco.kemper
Posts: 6
Joined: Wed, 2017-06-14, 11:00

Re: DCMTK on visual studio 2017 with ssl

#14 Post by marco.kemper »

Hi Marco,

that probably would be the best solution. Even when enable-weak-ssl-ciphers is set to true, you will still have full control on which cipher suites to support in your software.

Regards,
Marco

P.S. For now, this is not an issue anymore for us, would of course help future implementations based on DCMTK.

amal.jesudas
Posts: 36
Joined: Tue, 2017-12-19, 11:49

Re: DCMTK on visual studio 2017 with ssl

#15 Post by amal.jesudas »

<Post moved to : Openssl cipher suites>
Last edited by amal.jesudas on Fri, 2018-02-16, 02:44, edited 3 times in total.

Post Reply

Who is online

Users browsing this forum: No registered users and 1 guest