I would wonder if Osirix/Horos clients still use SSLv2.
dcm4chee v2 archive supports SSLv3, TLSv1, TLSv1.1, TLSv1.2 according the used JDK version.
You may specify JAVA_OPTS=-Djavax.net.debug=ssl:handshake to log the TLS handshake:
$ JAVA_OPTS=-Djavax.net.debug=ssl:handshake storescu --tls -c DCM4CHEE@localhost:2762
:
13:36:21,510 INFO - Initiate connection from
0.0.0.0/0.0.0.0:0 to localhost:2762
trigger seeding of SecureRandom
done seeding SecureRandom
Allow unsafe renegotiation: false
Allow legacy hello messages: true
Is initial handshake: true
Is secure renegotiation: false
%% No cached client session
*** ClientHello, TLSv1.2
RandomCookie: GMT: 1532518325 bytes = { 184, 111, 206, 151, 94, 18, 105, 219, 254, 153, 171, 99, 135, 201, 231, 171, 26, 87, 7, 131, 168, 34, 73, 4, 196, 137, 100, 64 }
Session ID: {}
Cipher Suites: [SSL_RSA_WITH_NULL_SHA, TLS_RSA_WITH_AES_128_CBC_SHA]
Compression Methods: { 0 }
Extension signature_algorithms, signature_algorithms: SHA512withECDSA, SHA512withRSA, SHA384withECDSA, SHA384withRSA, SHA256withECDSA, SHA256withRSA, SHA256withDSA, SHA224withECDSA, SHA224withRSA, SHA224withDSA, SHA1withECDSA, SHA1withRSA, SHA1withDSA
Extension extended_master_secret
Extension renegotiation_info, renegotiated_connection: <empty>
***
main, WRITE: TLSv1.2 Handshake, length = 90
main, READ: TLSv1.2 Handshake, length = 1846
*** ServerHello, TLSv1.2
RandomCookie: GMT: 1532518325 bytes = { 41, 166, 30, 34, 179, 129, 107, 148, 29, 176, 34, 246, 168, 111, 128, 28, 126, 228, 111, 152, 167, 245, 100, 96, 242, 157, 213, 194 }
Session ID: {91, 88, 96, 181, 197, 198, 80, 251, 241, 178, 124, 190, 24, 53, 226, 180, 209, 136, 153, 235, 105, 237, 99, 84, 46, 144, 66, 139, 171, 91, 220, 82}
Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA
Compression Method: 0
Extension renegotiation_info, renegotiated_connection: <empty>
Extension extended_master_secret
***
%% Initialized: [Session-1, TLS_RSA_WITH_AES_128_CBC_SHA]
** TLS_RSA_WITH_AES_128_CBC_SHA
*** Certificate chain
chain [0] = [
[
Version: V3
Subject: CN=PACS_J4C, O=J4CARE, C=AT
Signature Algorithm: SHA512withRSA, OID = 1.2.840.113549.1.1.13
Key: Sun RSA public key, 1024 bits
modulus: 100595804898323678464261791263808665134601464835557806492092791766628843511922322340875962969819974828352457623925249275642115624311323157942243034414021628019889752552536825647433127476695123678546585935177617461955631438185033275903355128473487603609602404191136708535483766451074867954067752562750350921733
public exponent: 65537
Validity: [From: Sun Apr 02 08:38:46 CEST 2017,
To: Fri Apr 02 08:38:46 CEST 2027]
Issuer: CN=IHE Europe CA, O=IHE Europe, C=FR
SerialNumber: [ 0586]
:
]
chain [1] = [
[
Version: V3
Subject: CN=IHE Europe CA, O=IHE Europe, C=FR
Signature Algorithm: SHA512withRSA, OID = 1.2.840.113549.1.1.13
Key: Sun RSA public key, 1024 bits
:
]
***
Found trusted certificate:
[
[
Version: V3
Subject: CN=IHE Europe CA, O=IHE Europe, C=FR
Signature Algorithm: SHA512withRSA, OID = 1.2.840.113549.1.1.13
:
]
*** CertificateRequest
Cert Types: RSA, DSS, ECDSA
Supported Signature Algorithms: SHA512withECDSA, SHA512withRSA, SHA384withECDSA, SHA384withRSA, SHA256withECDSA, SHA256withRSA, SHA256withDSA, SHA224withECDSA, SHA224withRSA, SHA224withDSA, SHA1withECDSA, SHA1withRSA, SHA1withDSA
Cert Authorities:
<CN=IHE Europe CA, O=IHE Europe, C=FR>
*** ServerHelloDone
matching alias: dcm4che-tools
*** Certificate chain
chain [0] = [
[
Version: V3
Subject: CN=dcm4che-tools, O=
dcm4che.org, C=AT
Signature Algorithm: SHA512withRSA, OID = 1.2.840.113549.1.1.13
:
]
chain [1] = [
[
Version: V3
Subject: CN=IHE Europe CA, O=IHE Europe, C=FR
Signature Algorithm: SHA512withRSA, OID = 1.2.840.113549.1.1.13
:
]
***
*** ClientKeyExchange, RSA PreMasterSecret, TLSv1.2
main, WRITE: TLSv1.2 Handshake, length = 1801
:
*** CertificateVerify
Signature Algorithm SHA512withRSA
main, WRITE: TLSv1.2 Handshake, length = 136
main, WRITE: TLSv1.2 Change Cipher Spec, length = 1
*** Finished
verify_data: { 37, 8, 84, 117, 25, 226, 13, 31, 2, 137, 162, 239 }
***
main, WRITE: TLSv1.2 Handshake, length = 64
main, READ: TLSv1.2 Change Cipher Spec, length = 1
main, READ: TLSv1.2 Handshake, length = 64
*** Finished
verify_data: { 27, 17, 46, 241, 30, 188, 41, 180, 41, 140, 92, 203 }
***
%% Cached client session: [Session-1, TLS_RSA_WITH_AES_128_CBC_SHA]
13:36:21,800 INFO - Established connection 22a71081[TLS_RSA_WITH_AES_128_CBC_SHA: Socket[addr=localhost/
127.0.0.1,port=2762,localport=54241]]
13:36:21,810 DEBUG - /127.0.0.1:54241->localhost/127.0.0.1:2762(1): enter state: Sta4 - Awaiting transport connection opening to complete
13:36:21,810 INFO - STORESCU->DCM4CHEE(1) << A-ASSOCIATE-RQ
13:36:21,817 DEBUG - A-ASSOCIATE-RQ[
calledAET: DCM4CHEE
callingAET: STORESCU
applicationContext: 1.2.840.10008.3.1.1.1 - DICOM Application Context Name
implClassUID: 1.2.40.0.13.1.3
implVersionName: dcm4che-5.14.0
maxPDULength: 16378
maxOpsInvoked/maxOpsPerformed: 0/0
PresentationContext[id: 1
as: 1.2.840.10008.1.1 - Verification SOP Class
ts: 1.2.840.10008.1.2 - Implicit VR Little Endian
]
]
13:36:21,818 DEBUG - STORESCU->DCM4CHEE(1): enter state: Sta5 - Awaiting A-ASSOCIATE-AC or A-ASSOCIATE-RJ PDU
main, WRITE: TLSv1.2 Application Data, length = 256
pool-1-thread-1, READ: TLSv1.2 Application Data, length = 224
13:36:21,824 INFO - STORESCU->DCM4CHEE(1) >> A-ASSOCIATE-AC
13:36:21,824 DEBUG - A-ASSOCIATE-AC[
calledAET: DCM4CHEE
callingAET: STORESCU
applicationContext: 1.2.840.10008.3.1.1.1 - DICOM Application Context Name
implClassUID: 1.2.40.0.13.1.3
implVersionName: dcm4che-5.14.0
maxPDULength: 16378
maxOpsInvoked/maxOpsPerformed: 0/0
PresentationContext[id: 1
result: 0 - acceptance
ts: 1.2.840.10008.1.2 - Implicit VR Little Endian
]
]
13:36:21,824 DEBUG - STORESCU->DCM4CHEE(1): enter state: Sta6 - Association established and ready for data transfer
Connected to DCM4CHEE in 317ms
13:36:21,841 INFO - STORESCU->DCM4CHEE(1) << 1:C-ECHO-RQ[pcid=1
cuid=1.2.840.10008.1.1 - Verification SOP Class
tsuid=1.2.840.10008.1.2 - Implicit VR Little Endian
13:36:21,865 DEBUG - Command:
(0000,0002) UI [1.2.840.10008.1.1] AffectedSOPClassUID
(0000,0100) US [48] CommandField
(0000,0110) US [1] MessageID
(0000,0800) US [257] CommandDataSetType
main, WRITE: TLSv1.2 Application Data, length = 128
pool-1-thread-1, READ: TLSv1.2 Application Data, length = 128
13:36:21,885 INFO - STORESCU->DCM4CHEE(1) >> 1:C-ECHO-RSP[pcid=1, status=0H
cuid=1.2.840.10008.1.1 - Verification SOP Class
tsuid=1.2.840.10008.1.2 - Implicit VR Little Endian
13:36:21,885 DEBUG - Command:
(0000,0002) UI [1.2.840.10008.1.1] AffectedSOPClassUID
(0000,0100) US [32816] CommandField
(0000,0120) US [1] MessageIDBeingRespondedTo
(0000,0800) US [257] CommandDataSetType
(0000,0900) US [0] Status
13:36:21,885 INFO - STORESCU->DCM4CHEE(1) << A-RELEASE-RQ
13:36:21,885 DEBUG - STORESCU->DCM4CHEE(1): enter state: Sta7 - Awaiting A-RELEASE-RP PDU
main, WRITE: TLSv1.2 Application Data, length = 48
pool-1-thread-1, READ: TLSv1.2 Application Data, length = 48
13:36:21,886 INFO - STORESCU->DCM4CHEE(1) >> A-RELEASE-RP
13:36:21,886 INFO - STORESCU->DCM4CHEE(1): close 22a71081[TLS_RSA_WITH_AES_128_CBC_SHA: Socket[addr=localhost/
127.0.0.1,port=2762,localport=54241]]
pool-1-thread-1, called close()
pool-1-thread-1, called closeInternal(true)
pool-1-thread-1, SEND TLSv1.2 ALERT: warning, description = close_notify
pool-1-thread-1, WRITE: TLSv1.2 Alert, length = 48
pool-1-thread-1, called closeSocket(true)
13:36:21,887 DEBUG - STORESCU->DCM4CHEE(1): enter state: Sta1 - Idle