DCMTK on visual studio 2017 with ssl
Moderator: Moderator Team
-
- Posts: 24
- Joined: Fri, 2016-12-02, 09:51
DCMTK on visual studio 2017 with ssl
Hello,
I tried to make dcmtk for visual studio 2017. Library is compiling fine if i didn't use ssl library.
I want to use ssl and i need to recompile openssl. I recompile openssl but in bin dir it makes libcrypto-1_1.dll and libssl-1_1.dll.
In dcmtk precompiled library in bin directory is dcmtkeay.dll and dcmtkssl.dll.
What i need to do? to rename libcrypto-1_1.dll -> dcmtkeay.dll and libssl-1_1.dll ->dcmtkssl.dll ?
thanks
I tried to make dcmtk for visual studio 2017. Library is compiling fine if i didn't use ssl library.
I want to use ssl and i need to recompile openssl. I recompile openssl but in bin dir it makes libcrypto-1_1.dll and libssl-1_1.dll.
In dcmtk precompiled library in bin directory is dcmtkeay.dll and dcmtkssl.dll.
What i need to do? to rename libcrypto-1_1.dll -> dcmtkeay.dll and libssl-1_1.dll ->dcmtkssl.dll ?
thanks
-
- OFFIS DICOM Team
- Posts: 318
- Joined: Mon, 2014-03-03, 09:51
- Location: Oldenburg, Germany
Re: DCMTK on visual studio 2017 with ssl
It is appropriate to try that on the first of April, since compiling OpenSSL under Windows seems like an April fools joke (a bad one). We have a page in our internal Wiki that a colleague wrote when he figured out how to build OpenSSL for Windows. I could provide it as a PDF, it is in German though. Alternatively, you may give LibreSSL a try.
-
- Posts: 24
- Joined: Fri, 2016-12-02, 09:51
Re: DCMTK on visual studio 2017 with ssl
Thank,
Can you provide me that pdf at email adress redacted?
Thanks
Can you provide me that pdf at email adress redacted?
Thanks
-
- OFFIS DICOM Team
- Posts: 318
- Joined: Mon, 2014-03-03, 09:51
- Location: Oldenburg, Germany
Re: DCMTK on visual studio 2017 with ssl
I've just sent it to your email address.
-
- Posts: 6
- Joined: Wed, 2017-06-14, 11:00
Re: DCMTK on visual studio 2017 with ssl
Hi,
could you also send me this pdf, as my colleague is also trying to make this work using openssl and dcmtk 3.6.2?
Thanks in advance,
Marco Kemper
ict.nl
could you also send me this pdf, as my colleague is also trying to make this work using openssl and dcmtk 3.6.2?
Thanks in advance,
Marco Kemper
ict.nl
-
- OFFIS DICOM Team
- Posts: 318
- Joined: Mon, 2014-03-03, 09:51
- Location: Oldenburg, Germany
Re: DCMTK on visual studio 2017 with ssl
Please note that the tutorial does not really apply for newer versions of OpenSSL (but can still be used to get some ideas).
-
- Posts: 6
- Joined: Wed, 2017-06-14, 11:00
Re: DCMTK on visual studio 2017 with ssl
Hi Jan,
thanks for the clarification, will let you know whether it works when we start with the security story in our project.
With kind regards,
Marco
thanks for the clarification, will let you know whether it works when we start with the security story in our project.
With kind regards,
Marco
-
- OFFIS DICOM Team
- Posts: 318
- Joined: Mon, 2014-03-03, 09:51
- Location: Oldenburg, Germany
Re: DCMTK on visual studio 2017 with ssl
Btw, you saw these, right? Did we miss to create binaries for your specific Compiler/Settings? If so, I might be able to add them (the files are auto generated using a script; I'm also thinking about making the script public but it would need some polishing first).
-
- Posts: 6
- Joined: Wed, 2017-06-14, 11:00
Re: DCMTK on visual studio 2017 with ssl
Hi Jan,
sorry for the late reply
We did not know about these binaries, so your reply did help us, thanks!
We are now using one of the versions of the libs and header files (so no need for another version), that has saved us time.
With kind regards,
Marco
sorry for the late reply
We did not know about these binaries, so your reply did help us, thanks!
We are now using one of the versions of the libs and header files (so no need for another version), that has saved us time.
With kind regards,
Marco
-
- Posts: 6
- Joined: Wed, 2017-06-14, 11:00
Re: DCMTK on visual studio 2017 with ssl
Hi,
I have one question about the binaries you supplied.
When we use the OpenSSL binaries under Windows compiled by Offis (that one supplied using the link in this posting), the cipher suite “TLS_RSA_WITH_3DES_EDE_CBC_SHA” (defined as "DES-CBC3-SHA" in OpenSSL) is not supported (and this just happens to be the one we need for the DICOM secure profile). This is supported when we use the source code of the same version of DCMTK/OpenSSL under Ubuntu.
Any ideas why?
See below for what the openssl executable reports under Windows and Ubuntu.
Regards,
Marco Kemper
----------------------
Supported cipher suites by OpenSLL executable under Windows:
ECDHE-ECDSA-AES256-GCM-SHA384
ECDHE-RSA-AES256-GCM-SHA384
DHE-RSA-AES256-GCM-SHA384
ECDHE-ECDSA-CHACHA20-POLY1305
ECDHE-RSA-CHACHA20-POLY1305
DHE-RSA-CHACHA20-POLY1305
ECDHE-ECDSA-AES128-GCM-SHA256
ECDHE-RSA-AES128-GCM-SHA256
DHE-RSA-AES128-GCM-SHA256
ECDHE-ECDSA-AES256-SHA384
ECDHE-RSA-AES256-SHA384
DHE-RSA-AES256-SHA256
ECDHE-ECDSA-AES128-SHA256
ECDHE-RSA-AES128-SHA256
DHE-RSA-AES128-SHA256
ECDHE-ECDSA-AES256-SHA
ECDHE-RSA-AES256-SHA
DHE-RSA-AES256-SHA
ECDHE-ECDSA-AES128-SHA
ECDHE-RSA-AES128-SHA
DHE-RSA-AES128-SHA
RSA-PSK-AES256-GCM-SHA384
DHE-PSK-AES256-GCM-SHA384
RSA-PSK-CHACHA20-POLY1305
DHE-PSK-CHACHA20-POLY1305
ECDHE-PSK-CHACHA20-POLY1305
AES256-GCM-SHA384
PSK-AES256-GCM-SHA384
PSK-CHACHA20-POLY1305
RSA-PSK-AES128-GCM-SHA256
DHE-PSK-AES128-GCM-SHA256
AES128-GCM-SHA256
PSK-AES128-GCM-SHA256
AES256-SHA256
AES128-SHA256
ECDHE-PSK-AES256-CBC-SHA384
ECDHE-PSK-AES256-CBC-SHA
SRP-RSA-AES-256-CBC-SHA
SRP-AES-256-CBC-SHA
RSA-PSK-AES256-CBC-SHA384
DHE-PSK-AES256-CBC-SHA384
RSA-PSK-AES256-CBC-SHA
DHE-PSK-AES256-CBC-SHA
AES256-SHA
PSK-AES256-CBC-SHA384
PSK-AES256-CBC-SHA
ECDHE-PSK-AES128-CBC-SHA256
ECDHE-PSK-AES128-CBC-SHA
SRP-RSA-AES-128-CBC-SHA
SRP-AES-128-CBC-SHA
RSA-PSK-AES128-CBC-SHA256
DHE-PSK-AES128-CBC-SHA256
RSA-PSK-AES128-CBC-SHA
DHE-PSK-AES128-CBC-SHA
AES128-SHA
PSK-AES128-CBC-SHA256
PSK-AES128-CBC-SHA
Supported cipher suites by OpenSLL executable under Ubuntu:
ECDHE-RSA-AES256-GCM-SHA384
ECDHE-ECDSA-AES256-GCM-SHA384
ECDHE-RSA-AES256-SHA384
ECDHE-ECDSA-AES256-SHA384
ECDHE-RSA-AES256-SHA
ECDHE-ECDSA-AES256-SHA
SRP-DSS-AES-256-CBC-SHA
SRP-RSA-AES-256-CBC-SHA
SRP-AES-256-CBC-SHA
DHE-DSS-AES256-GCM-SHA384
DHE-RSA-AES256-GCM-SHA384
DHE-RSA-AES256-SHA256
DHE-DSS-AES256-SHA256
DHE-RSA-AES256-SHA
DHE-DSS-AES256-SHA
DHE-RSA-CAMELLIA256-SHA
DHE-DSS-CAMELLIA256-SHA
ECDH-RSA-AES256-GCM-SHA384
ECDH-ECDSA-AES256-GCM-SHA384
ECDH-RSA-AES256-SHA384
ECDH-ECDSA-AES256-SHA384
ECDH-RSA-AES256-SHA
ECDH-ECDSA-AES256-SHA
AES256-GCM-SHA384
AES256-SHA256
AES256-SHA
CAMELLIA256-SHA
PSK-AES256-CBC-SHA
ECDHE-RSA-DES-CBC3-SHA
ECDHE-ECDSA-DES-CBC3-SHA
SRP-DSS-3DES-EDE-CBC-SHA
SRP-RSA-3DES-EDE-CBC-SHA
SRP-3DES-EDE-CBC-SHA
EDH-RSA-DES-CBC3-SHA
EDH-DSS-DES-CBC3-SHA
ECDH-RSA-DES-CBC3-SHA
ECDH-ECDSA-DES-CBC3-SHA
DES-CBC3-SHA
PSK-3DES-EDE-CBC-SHA
ECDHE-RSA-AES128-GCM-SHA256
ECDHE-ECDSA-AES128-GCM-SHA256
ECDHE-RSA-AES128-SHA256
ECDHE-ECDSA-AES128-SHA256
ECDHE-RSA-AES128-SHA
ECDHE-ECDSA-AES128-SHA
SRP-DSS-AES-128-CBC-SHA
SRP-RSA-AES-128-CBC-SHA
SRP-AES-128-CBC-SHA
DHE-DSS-AES128-GCM-SHA256
DHE-RSA-AES128-GCM-SHA256
DHE-RSA-AES128-SHA256
DHE-DSS-AES128-SHA256
DHE-RSA-AES128-SHA
DHE-DSS-AES128-SHA
DHE-RSA-SEED-SHA
DHE-DSS-SEED-SHA
DHE-RSA-CAMELLIA128-SHA
DHE-DSS-CAMELLIA128-SHA
ECDH-RSA-AES128-GCM-SHA256
ECDH-ECDSA-AES128-GCM-SHA256
ECDH-RSA-AES128-SHA256
ECDH-ECDSA-AES128-SHA256
ECDH-RSA-AES128-SHA
ECDH-ECDSA-AES128-SHA
AES128-GCM-SHA256
AES128-SHA256
AES128-SHA
SEED-SHA
CAMELLIA128-SHA
PSK-AES128-CBC-SHA
ECDHE-RSA-RC4-SHA
ECDHE-ECDSA-RC4-SHA
ECDH-RSA-RC4-SHA
ECDH-ECDSA-RC4-SHA
RC4-SHA
RC4-MD5
PSK-RC4-SHA
EDH-RSA-DES-CBC-SHA
EDH-DSS-DES-CBC-SHA
DES-CBC-SHA
I have one question about the binaries you supplied.
When we use the OpenSSL binaries under Windows compiled by Offis (that one supplied using the link in this posting), the cipher suite “TLS_RSA_WITH_3DES_EDE_CBC_SHA” (defined as "DES-CBC3-SHA" in OpenSSL) is not supported (and this just happens to be the one we need for the DICOM secure profile). This is supported when we use the source code of the same version of DCMTK/OpenSSL under Ubuntu.
Any ideas why?
See below for what the openssl executable reports under Windows and Ubuntu.
Regards,
Marco Kemper
----------------------
Supported cipher suites by OpenSLL executable under Windows:
ECDHE-ECDSA-AES256-GCM-SHA384
ECDHE-RSA-AES256-GCM-SHA384
DHE-RSA-AES256-GCM-SHA384
ECDHE-ECDSA-CHACHA20-POLY1305
ECDHE-RSA-CHACHA20-POLY1305
DHE-RSA-CHACHA20-POLY1305
ECDHE-ECDSA-AES128-GCM-SHA256
ECDHE-RSA-AES128-GCM-SHA256
DHE-RSA-AES128-GCM-SHA256
ECDHE-ECDSA-AES256-SHA384
ECDHE-RSA-AES256-SHA384
DHE-RSA-AES256-SHA256
ECDHE-ECDSA-AES128-SHA256
ECDHE-RSA-AES128-SHA256
DHE-RSA-AES128-SHA256
ECDHE-ECDSA-AES256-SHA
ECDHE-RSA-AES256-SHA
DHE-RSA-AES256-SHA
ECDHE-ECDSA-AES128-SHA
ECDHE-RSA-AES128-SHA
DHE-RSA-AES128-SHA
RSA-PSK-AES256-GCM-SHA384
DHE-PSK-AES256-GCM-SHA384
RSA-PSK-CHACHA20-POLY1305
DHE-PSK-CHACHA20-POLY1305
ECDHE-PSK-CHACHA20-POLY1305
AES256-GCM-SHA384
PSK-AES256-GCM-SHA384
PSK-CHACHA20-POLY1305
RSA-PSK-AES128-GCM-SHA256
DHE-PSK-AES128-GCM-SHA256
AES128-GCM-SHA256
PSK-AES128-GCM-SHA256
AES256-SHA256
AES128-SHA256
ECDHE-PSK-AES256-CBC-SHA384
ECDHE-PSK-AES256-CBC-SHA
SRP-RSA-AES-256-CBC-SHA
SRP-AES-256-CBC-SHA
RSA-PSK-AES256-CBC-SHA384
DHE-PSK-AES256-CBC-SHA384
RSA-PSK-AES256-CBC-SHA
DHE-PSK-AES256-CBC-SHA
AES256-SHA
PSK-AES256-CBC-SHA384
PSK-AES256-CBC-SHA
ECDHE-PSK-AES128-CBC-SHA256
ECDHE-PSK-AES128-CBC-SHA
SRP-RSA-AES-128-CBC-SHA
SRP-AES-128-CBC-SHA
RSA-PSK-AES128-CBC-SHA256
DHE-PSK-AES128-CBC-SHA256
RSA-PSK-AES128-CBC-SHA
DHE-PSK-AES128-CBC-SHA
AES128-SHA
PSK-AES128-CBC-SHA256
PSK-AES128-CBC-SHA
Supported cipher suites by OpenSLL executable under Ubuntu:
ECDHE-RSA-AES256-GCM-SHA384
ECDHE-ECDSA-AES256-GCM-SHA384
ECDHE-RSA-AES256-SHA384
ECDHE-ECDSA-AES256-SHA384
ECDHE-RSA-AES256-SHA
ECDHE-ECDSA-AES256-SHA
SRP-DSS-AES-256-CBC-SHA
SRP-RSA-AES-256-CBC-SHA
SRP-AES-256-CBC-SHA
DHE-DSS-AES256-GCM-SHA384
DHE-RSA-AES256-GCM-SHA384
DHE-RSA-AES256-SHA256
DHE-DSS-AES256-SHA256
DHE-RSA-AES256-SHA
DHE-DSS-AES256-SHA
DHE-RSA-CAMELLIA256-SHA
DHE-DSS-CAMELLIA256-SHA
ECDH-RSA-AES256-GCM-SHA384
ECDH-ECDSA-AES256-GCM-SHA384
ECDH-RSA-AES256-SHA384
ECDH-ECDSA-AES256-SHA384
ECDH-RSA-AES256-SHA
ECDH-ECDSA-AES256-SHA
AES256-GCM-SHA384
AES256-SHA256
AES256-SHA
CAMELLIA256-SHA
PSK-AES256-CBC-SHA
ECDHE-RSA-DES-CBC3-SHA
ECDHE-ECDSA-DES-CBC3-SHA
SRP-DSS-3DES-EDE-CBC-SHA
SRP-RSA-3DES-EDE-CBC-SHA
SRP-3DES-EDE-CBC-SHA
EDH-RSA-DES-CBC3-SHA
EDH-DSS-DES-CBC3-SHA
ECDH-RSA-DES-CBC3-SHA
ECDH-ECDSA-DES-CBC3-SHA
DES-CBC3-SHA
PSK-3DES-EDE-CBC-SHA
ECDHE-RSA-AES128-GCM-SHA256
ECDHE-ECDSA-AES128-GCM-SHA256
ECDHE-RSA-AES128-SHA256
ECDHE-ECDSA-AES128-SHA256
ECDHE-RSA-AES128-SHA
ECDHE-ECDSA-AES128-SHA
SRP-DSS-AES-128-CBC-SHA
SRP-RSA-AES-128-CBC-SHA
SRP-AES-128-CBC-SHA
DHE-DSS-AES128-GCM-SHA256
DHE-RSA-AES128-GCM-SHA256
DHE-RSA-AES128-SHA256
DHE-DSS-AES128-SHA256
DHE-RSA-AES128-SHA
DHE-DSS-AES128-SHA
DHE-RSA-SEED-SHA
DHE-DSS-SEED-SHA
DHE-RSA-CAMELLIA128-SHA
DHE-DSS-CAMELLIA128-SHA
ECDH-RSA-AES128-GCM-SHA256
ECDH-ECDSA-AES128-GCM-SHA256
ECDH-RSA-AES128-SHA256
ECDH-ECDSA-AES128-SHA256
ECDH-RSA-AES128-SHA
ECDH-ECDSA-AES128-SHA
AES128-GCM-SHA256
AES128-SHA256
AES128-SHA
SEED-SHA
CAMELLIA128-SHA
PSK-AES128-CBC-SHA
ECDHE-RSA-RC4-SHA
ECDHE-ECDSA-RC4-SHA
ECDH-RSA-RC4-SHA
ECDH-ECDSA-RC4-SHA
RC4-SHA
RC4-MD5
PSK-RC4-SHA
EDH-RSA-DES-CBC-SHA
EDH-DSS-DES-CBC-SHA
DES-CBC-SHA
-
- Posts: 6
- Joined: Wed, 2017-06-14, 11:00
Re: DCMTK on visual studio 2017 with ssl
Hi,
already found out what was happening, when using the same version of the OpenSSL library (1.1.0f) under Ubuntu, the cipher suite “TLS_RSA_WITH_3DES_EDE_CBC_SHA” was also not supported anymore.
Meaning that to be able to support a DICOM security profile, you may need to use an older version of OpenSSL.
With kind regards,
Marco
already found out what was happening, when using the same version of the OpenSSL library (1.1.0f) under Ubuntu, the cipher suite “TLS_RSA_WITH_3DES_EDE_CBC_SHA” was also not supported anymore.
Meaning that to be able to support a DICOM security profile, you may need to use an older version of OpenSSL.
With kind regards,
Marco
-
- DCMTK Developer
- Posts: 2052
- Joined: Fri, 2004-11-05, 13:47
- Location: Oldenburg, Germany
- Contact:
Re: DCMTK on visual studio 2017 with ssl
Hi,
I think using an old OpenSSL version is not a good idea. Is it possible to configure OpenSSL during build? Did you try/check LibreSSL?
Best,
Michael
I think using an old OpenSSL version is not a good idea. Is it possible to configure OpenSSL during build? Did you try/check LibreSSL?
Best,
Michael
-
- OFFIS DICOM Team
- Posts: 1449
- Joined: Tue, 2004-11-02, 17:22
- Location: Oldenburg, Germany
- Contact:
Re: DCMTK on visual studio 2017 with ssl
The following post https://www.openssl.org/blog/blog/2016/08/24/sweet32/ explains the issue: Starting with OpenSSL 1.1.0, support for the 3DES ciphers is disabled by default.
OpenSSL has to be configured with the “enable-weak-ssl-ciphers” option before compiling to re-active 3DES support. I guess we should provide updated DCMTK TLS binaries that have support for 3DES enabled, because as you correctly mention this is still used in the DICOM basic secure profile.
OpenSSL has to be configured with the “enable-weak-ssl-ciphers” option before compiling to re-active 3DES support. I guess we should provide updated DCMTK TLS binaries that have support for 3DES enabled, because as you correctly mention this is still used in the DICOM basic secure profile.
-
- Posts: 6
- Joined: Wed, 2017-06-14, 11:00
Re: DCMTK on visual studio 2017 with ssl
Hi Marco,
that probably would be the best solution. Even when enable-weak-ssl-ciphers is set to true, you will still have full control on which cipher suites to support in your software.
Regards,
Marco
P.S. For now, this is not an issue anymore for us, would of course help future implementations based on DCMTK.
that probably would be the best solution. Even when enable-weak-ssl-ciphers is set to true, you will still have full control on which cipher suites to support in your software.
Regards,
Marco
P.S. For now, this is not an issue anymore for us, would of course help future implementations based on DCMTK.
-
- Posts: 36
- Joined: Tue, 2017-12-19, 11:49
Re: DCMTK on visual studio 2017 with ssl
<Post moved to : Openssl cipher suites>
Last edited by amal.jesudas on Fri, 2018-02-16, 02:44, edited 3 times in total.
Who is online
Users browsing this forum: No registered users and 1 guest