DcmTLS configuration options

[Walco van Loon]

Hi,

I checked configuration options and source code, is it correct that it is currently not possible to configure DCM TLS with a minimum TLS version (1.2 and up) and a restricted cipher set, therefore relying on the dcmtk defaults?

A quick test revealed TLS 1.0 and 1.1 are not accepted, so probably the dcmtk defaults are reviewed and updated frequently. It would be nice to have a bit more control though.

Regards

Walco

[Alain Mazy]

Hi Walco,

I quickly checked the DCMTK code and it seems that it enables all TLS versions up to 1.2.

Could you share a few test command/script that would demonstrate what you exactly want to achieve ?

Best regards,

Alain.

--
You received this message because you are subscribed to the Google Groups "Orthanc Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to orthanc-user...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/orthanc-users/d71dac7f-d3b4-47a3-bb09-69452b8117acn%40googlegroups.com.

[Alain Mazy]

Hi Walco,

For the record, pasting here the info you sent me through a private message:

"""

My goal is to configure Orthanc such that a secure TLS version and cipher is negotiated.

 

To, test I ran sslscan localhost:4242, but openssl s_client -connect localhost:4242 -tls1 should result in a handshake failure as well.

"""

At this point, I'm adding a TODO in Orthanc but no idea when this will be implemented:  https://hg.orthanc-server.com/orthanc/rev/feeb73a7456a