Dcm4chee StoreSCP unable to start with cipher suite TLS_RSA_WITH_3DES_EDE_CBC_SHA

334 views
Skip to first unread message

saritha...@gmail.com

unread,
Mar 27, 2017, 1:56:19 AM3/27/17
to dcm4che
Hi,

While performing tests for DICOM TLS,  it is found that both StoreSCP.bat and "Dcmqrscp.bat"  are  throwing errors when command is provided for the following cipher suite: "TLS_RSA_WITH_3DES_EDE_CBC_SHA ".   But it is working fine for other cipher suites like :  TLS_RSA_WITH_AES_128_CBC_SHA.
  Please help me on how to resolve this issue.  Looking forward for a quick response since this is blocking our official verification tests.Below is the error I got  for "StoreSCP".    


" C:\dcm4che-3.3.8\bin>storescp.bat --tls-cipher TLS_RSA_WITH_3DES_EDE_CBC_SHA -b STORESCP:11112

storescp: Unsupported ciphersuite TLS_RSA_WITH_3DES_EDE_CBC_SHA

java.lang.IllegalArgumentException: Unsupported ciphersuite TLS_RSA_WITH_3DES_EDE_CBC_SHA

        at sun.security.ssl.CipherSuite.valueOf(Unknown Source)

        at sun.security.ssl.CipherSuiteList.<init>(Unknown Source)

        at sun.security.ssl.SSLServerSocketImpl.setEnabledCipherSuites(Unknown Source)

        at org.dcm4che3.net.TCPListener.createTLSServerSocket(TCPListener.java:88)

        at org.dcm4che3.net.TCPListener.<init>(TCPListener.java:68)

        at org.dcm4che3.net.Connection.bind(Connection.java:1052)

        at org.dcm4che3.net.Device.bindConnections(Device.java:846)

        at org.dcm4che3.tool.storescp.StoreSCP.main(StoreSCP.java:258)"

Thanks
Saritha

gunterze

unread,
Mar 27, 2017, 5:39:35 AM3/27/17
to dcm4che
Sounds like a problem with your JRE/JDK.

saritha...@gmail.com

unread,
Mar 27, 2017, 5:59:30 AM3/27/17
to dcm4che
Thanks for the info, Gunter.   I have tested it in 2 different systems:  One with JRE8 (  version 1.8.0_121  )  and another with JRE7 ( version 1.7.0_11).
Both cases, I got the same error.  Can you please suggest what can be done for this?

thanks
Saritha

Gunter Zeilinger

unread,
Mar 27, 2017, 6:15:00 AM3/27/17
to dcm...@googlegroups.com
Oops, you just used the wrong cipher name, it's SSL_RSA_WITH_3DES_EDE_CBC_SHA, not TLS_RSA_WITH_3DES_EDE_CBC_SHA!


--
You received this message because you are subscribed to the Google Groups "dcm4che" group.
To unsubscribe from this group and stop receiving emails from it, send an email to dcm4che+unsubscribe@googlegroups.com.
To post to this group, send email to dcm...@googlegroups.com.
Visit this group at https://groups.google.com/group/dcm4che.
For more options, visit https://groups.google.com/d/optout.

andrea...@atsmed.it

unread,
Mar 27, 2017, 6:22:15 AM3/27/17
to dcm...@googlegroups.com

Gunter Zeilinger

unread,
Mar 27, 2017, 8:39:17 AM3/27/17
to dcm...@googlegroups.com
TLS_RSA_WITH_3DES_EDE_CBC_SHA was never a valid name. It was always SSL_RSA_WITH_3DES_EDE_CBC_SHA!

On Mon, Mar 27, 2017 at 12:22 PM, <andrea...@atsmed.it> wrote:




Il giorno lunedì 27 marzo 2017 11:59:30 UTC+2, saritha...@gmail.com ha scritto:
Thanks for the info, Gunter.   I have tested it in 2 different systems:  One with JRE8 (  version 1.8.0_121  )  and another with JRE7 ( version 1.7.0_11).
Both cases, I got the same error.  Can you please suggest what can be done for this?

thanks
Saritha

On Monday, March 27, 2017 at 3:09:35 PM UTC+5:30, gunterze wrote:
Sounds like a problem with your JRE/JDK.

On Monday, March 27, 2017 at 7:56:19 AM UTC+2, saritha...@gmail.com wrote:
Hi,

While performing tests for DICOM TLS,  it is found that both StoreSCP.bat and "Dcmqrscp.bat"  are  throwing errors when command is provided for the following cipher suite: "TLS_RSA_WITH_3DES_EDE_CBC_SHA ".   But it is working fine for other cipher suites like :  TLS_RSA_WITH_AES_128_CBC_SHA.
  Please help me on how to resolve this issue.  Looking forward for a quick response since this is blocking our official verification tests.Below is the error I got  for "StoreSCP".    


" C:\dcm4che-3.3.8\bin>storescp.bat --tls-cipher TLS_RSA_WITH_3DES_EDE_CBC_SHA -b STORESCP:11112

storescp: Unsupported ciphersuite TLS_RSA_WITH_3DES_EDE_CBC_SHA

java.lang.IllegalArgumentException: Unsupported ciphersuite TLS_RSA_WITH_3DES_EDE_CBC_SHA

        at sun.security.ssl.CipherSuite.valueOf(Unknown Source)

        at sun.security.ssl.CipherSuiteList.<init>(Unknown Source)

        at sun.security.ssl.SSLServerSocketImpl.setEnabledCipherSuites(Unknown Source)

        at org.dcm4che3.net.TCPListener.createTLSServerSocket(TCPListener.java:88)

        at org.dcm4che3.net.TCPListener.<init>(TCPListener.java:68)

        at org.dcm4che3.net.Connection.bind(Connection.java:1052)

        at org.dcm4che3.net.Device.bindConnections(Device.java:846)

        at org.dcm4che3.tool.storescp.StoreSCP.main(StoreSCP.java:258)"

Thanks
Saritha

saritha...@gmail.com

unread,
Mar 28, 2017, 3:09:22 AM3/28/17
to dcm4che
Hi Gunter,

TLS_RSA_WITH_3DES_EDE_CBC_SHA is mentioned in the DICOM Standard.  Please find attached the reference to this.  Kindly clarify whether this is any issue in the naming done by DICOM.

Thanks
Saritha
To unsubscribe from this group and stop receiving emails from it, send an email to dcm4che+u...@googlegroups.com.
DICOM_specifications.png

andrea...@atsmed.it

unread,
Mar 28, 2017, 6:43:50 AM3/28/17
to dcm4che
It looks like that TLS_RSA_WITH_3DES_EDE_CBC_SHA and SSL_RSA_WITH_3DES_EDE_CBC_SHA are the same encryption
http://stackoverflow.com/questions/24906448/is-tls-rsa-with-3des-ede-cbc-sha-equivalent-to-ssl-rsa-with-3des-ede-cbc-sha

Gunter Zeilinger

unread,
Mar 28, 2017, 7:45:18 AM3/28/17
to dcm...@googlegroups.com
DICOM use the RFC 4346 name, were Java use the older SSLv3 name. But it's the same. Which Protocol is used (SSLv3, TLSv1.x) is not specified by the Cipher Suite, apart from that not each Cipher Suite can be used with each protocol.

To unsubscribe from this group and stop receiving emails from it, send an email to dcm4che+unsubscribe@googlegroups.com.
Reply all
Reply to author
Forward
0 new messages