DCMQRSCP with SSL/TLS


Tatsuaki

Oct 25, 2022, 1:24:16 AM
to dcm4che
Hi, Vrinda

I would like to test dicom communication with tls settings.

My environment is;
  • win11
  • dcm4che 5.29.0
  • java jdk 8

Test procedures;
  1.  run dcmqrscp with tls, then,
  2.  run storescu with tls

Scenario 1: Use with mykey and mycacert

my command;
(from cmd win1)
>dcmqrscp -b DCMQRSCP:11112 --dicomdir ./tls-test/DICOMDIR --key-pass secret_key --key-store mykey.p12 --key-store-pass secret_key --trust-store mycacert.p12 --trust-store-pass secret_cacert --tls-noauth --tls --tls13
(from cmd win2)
>"C:\Program Files\dcm4che-5.29.0\bin\storescu" -c DCMQRSCP@localhost:11112 C:\Users\tatsu\Desktop\sample --key-pass secret_key --key-store mykey.p12 --key-store-pass secret_key --trust-store mycacert.p12 --trust-store-pass secret_cacert --tls-noauth --tls --tls13

Results

Scanning files to send
...............
Scanned 15 files in 0.154s (=10ms/file)
13:56:17.436 INFO  - Initiate connection from 0.0.0.0/0.0.0.0:0 to localhost:11112
storescu: No appropriate protocol (protocol is disabled or cipher suites are inappropriate)
javax.net.ssl.SSLHandshakeException: No appropriate protocol (protocol is disabled or cipher suites are inappropriate)
        at java.base/sun.security.ssl.HandshakeContext.<init>(HandshakeContext.java:170)
        at java.base/sun.security.ssl.ClientHandshakeContext.<init>(ClientHandshakeContext.java:98)
        at java.base/sun.security.ssl.TransportContext.kickstart(TransportContext.java:221)
        at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:443)
        at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:421)
        at org.dcm4che3.net.Connection.createTLSSocket(Connection.java:1190)
        at org.dcm4che3.net.Connection.connect(Connection.java:1077)
        at org.dcm4che3.net.ApplicationEntity.connect(ApplicationEntity.java:648)
        at org.dcm4che3.net.ApplicationEntity.connect(ApplicationEntity.java:668)
        at org.dcm4che3.tool.storescu.StoreSCU.open(StoreSCU.java:542)
        at org.dcm4che3.tool.storescu.StoreSCU.main(StoreSCU.java:285)

Scenario 2: Use default key and cacert

(from cmd win1)
>dcmqrscp -b DCMQRSCP:11112 --dicomdir ./tls-test/DICOMDIR --tls --tls13
(from cmd win2)
>"C:\Program Files\dcm4che-5.29.0\bin\storescu" -c DCMQRSCP@localhost:11112 C:\Users\tatsu\Desktop\sample --tls --tls13

Result

Scanning files to send
...............
Scanned 15 files in 0.159s (=10ms/file)
13:58:58.950 INFO  - Initiate connection from 0.0.0.0/0.0.0.0:0 to localhost:11112
storescu: No appropriate protocol (protocol is disabled or cipher suites are inappropriate)
javax.net.ssl.SSLHandshakeException: No appropriate protocol (protocol is disabled or cipher suites are inappropriate)
        at java.base/sun.security.ssl.HandshakeContext.<init>(HandshakeContext.java:170)
        at java.base/sun.security.ssl.ClientHandshakeContext.<init>(ClientHandshakeContext.java:98)
        at java.base/sun.security.ssl.TransportContext.kickstart(TransportContext.java:221)
        at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:443)
        at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:421)
        at org.dcm4che3.net.Connection.createTLSSocket(Connection.java:1190)
        at org.dcm4che3.net.Connection.connect(Connection.java:1077)
        at org.dcm4che3.net.ApplicationEntity.connect(ApplicationEntity.java:648)
        at org.dcm4che3.net.ApplicationEntity.connect(ApplicationEntity.java:668)
        at org.dcm4che3.tool.storescu.StoreSCU.open(StoreSCU.java:542)
        at org.dcm4che3.tool.storescu.StoreSCU.main(StoreSCU.java:285)

It would be helpful if you could tell me how to do this correctly.

Tatsuaki

Vrinda Nayak

Oct 25, 2022, 5:22:50 AM
to dcm4che
I have made use of default keystores and truststores (with default passwords) just to indicate how to invoke these using the tools. You would need to replace them with your files / values.
Additionally, I also added the dcmdir tool log to verify the contents of the DICOMDIR created / updated on starting the dcmqrscp tool. (See attached log files.)

dcmqrscp-tls.log
dcmdir-verify-dcmqrscp-DICOMDIR.log
storescu-tls.log

Tatsunidas

Oct 25, 2022, 7:19:30 PM
to dcm...@googlegroups.com
Thank you very much, Vrinda, your log files are useful for me.

Maybe my problem is the mykey.p12 and mycacerts.p12 files.
These files were created by openssl 3.0.5 and formatted to aes128.

I'd like to try p12 file verification again.

tatsuaki

--
==========================================
Tatsuaki KOBAYASHI
==========================================
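
An offline pre-flight check for the handshake error and the p12 doubt discussed in this thread, as an added example (not part of the thread and not dcm4che code): it asks the JVM whether a protocol and cipher-suite pairing can start a handshake, and optionally whether it can open a PKCS#12 file. The class name `TlsPreflight`, the two sample pairings and the command-line arguments are assumptions made for illustration.

```java
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLException;
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.Security;
import java.util.Arrays;
import java.util.Collections;

public class TlsPreflight {
    // Returns null if the JVM can start a handshake with this pairing, else the error text.
    static String tryPairing(String protocol, String... suites) throws Exception {
        SSLEngine engine = SSLContext.getDefault().createSSLEngine();
        engine.setUseClientMode(true);
        try {
            engine.setEnabledProtocols(new String[] { protocol }); // unknown name: IllegalArgumentException
            engine.setEnabledCipherSuites(suites);
            engine.beginHandshake(); // builds the handshake context only, no network I/O
            return null;
        } catch (IllegalArgumentException | SSLException e) {
            return e.getMessage();
        }
    }

    public static void main(String[] args) throws Exception {
        SSLContext ctx = SSLContext.getDefault();
        System.out.println("supported protocols: "
                + Arrays.toString(ctx.getSupportedSSLParameters().getProtocols()));
        System.out.println("jdk.tls.disabledAlgorithms: "
                + Security.getProperty("jdk.tls.disabledAlgorithms"));

        // Constructed pairings: TLSv1.3 with a TLS 1.3 suite, then with a TLS 1.2-only suite.
        for (String suite : new String[] { "TLS_AES_128_GCM_SHA256",
                                           "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256" }) {
            System.out.println("TLSv1.3 + " + suite + " -> " + tryPairing("TLSv1.3", suite));
        }

        // Optional: java TlsPreflight <store.p12> <password> checks the JVM can read the file.
        if (args.length == 2) {
            KeyStore ks = KeyStore.getInstance("PKCS12");
            try (InputStream in = new FileInputStream(args[0])) {
                ks.load(in, args[1].toCharArray()); // throws if the password or encryption is not accepted
            }
            for (String alias : Collections.list(ks.aliases())) {
                System.out.println(alias + (ks.isKeyEntry(alias) ? ": private key" : ": trusted cert"));
            }
        }
    }
}
```

Run it with the same `java` binary that the dcm4che launch scripts use, since protocol support and PKCS#12 algorithm support both depend on the JVM version.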

Tatsunidas

Oct 26, 2022, 3:25:31 AM
to dcm...@googlegroups.com
Hi, Vrinda

Finally, I could run dcmqrscp with tls configuration.
I wrote this article to describe how to do it.

Thank you.
