DICOM TLS Options dialog box
A TLS configuration panel is available where you can configure the related fields.
The SCP and SCU options support TLS configuration on the DICOM Protocol Properties dialog box.
If
is selected in Peer Authentication, then these are required:
- CA Path
- CA File
- Certificate File
- Private Key
- Password
Peer Authentication
The peer certificate is checked when
is selected.
When
is selected, the peer certificate is verified. Verification fails when no certificate is present.
When
is selected, the peer certificate is not verified.
Security Profile
Security profile cipher suites:
Security Profile | Function | Cipher suites |
---|---|---|
BCP 195 TLS | Enables TLS1.3 | TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_3DES_EDE_CBC_SHA |
Non-downgrading BCP 195 TLS | Enables TLS1.3 | TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 |
Extended BCP 195 TLS | Disables TLS1.3 | TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_NULL_SHA |
Basic TLS Secure Transport Connection | Disables TLS1.3 | Cipher suite: TLS_RSA_WITH_3DES_EDE_CBC_SHA |
AES TLS Secure Transport Connection | Disables TLS1.3 | TLS_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_3DES_EDE_CBC_SHA |
Authenticated unencrypted communication | Disables TLS1.3 | Cipher suite: TLS_RSA_WITH_NULL_SHA |

If TLS1.3 is disabled and the DCMTK library is compiled with OpenSSL 1.1.1 or newer, then the supported TLS protocol version is TLS1.2. In CIS 20.1.2, the DCMTK version is dcmtk-3.6.6, compiled with openssl-1.1.1k.

Security Profile | Function |
---|---|
Non-downgrading BCP 195 TLS | Disables TLS1.0 and TLS1.1 |
Extended BCP 195 TLS | Disables TLS1.0 and TLS1.1 |
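
The following added example (not part of the original documentation or of DCMTK) parses the cipher suite names listed in the Security Profile table and reports which profiles still accept suites without encryption, with 3DES, with CBC mode, or without forward secrecy. The function names and finding labels are assumptions of this example, and the Extended BCP 195 TLS row is left out to keep it short.

```python
import re

# Cipher suite lists copied from the Security Profile table on this page
# (the Extended BCP 195 TLS row is left out to keep the example short).
GCM = [
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256",
    "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
    "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384",
]
AES_CBC = "TLS_RSA_WITH_AES_128_CBC_SHA"
TDES = "TLS_RSA_WITH_3DES_EDE_CBC_SHA"
NULL = "TLS_RSA_WITH_NULL_SHA"
PROFILES = {
    "BCP 195 TLS": GCM + [AES_CBC, TDES],
    "Non-downgrading BCP 195 TLS": GCM,
    "Basic TLS Secure Transport Connection": [TDES],
    "AES TLS Secure Transport Connection": [AES_CBC, TDES],
    "Authenticated unencrypted communication": [NULL],
}

# IANA TLS 1.2 suite name: TLS_<key exchange>_WITH_<cipher>_<hash>
SUITE_RE = re.compile(r"^TLS_(?P<kx>\w+?)_WITH_(?P<enc>\w+)_(?P<hash>SHA\d*)$")

def audit_suite(name):
    """Return weakness labels (hypothetical names) derived from a suite name."""
    m = SUITE_RE.match(name)
    if m is None:
        raise ValueError(f"not a TLS 1.2 style suite name: {name}")
    kx, enc = m["kx"], m["enc"]
    findings = []
    if enc == "NULL":
        findings.append("no-encryption")       # integrity only, plaintext on the wire
    if "3DES" in enc:
        findings.append("3des-64bit-block")
    if enc.endswith("_CBC"):
        findings.append("cbc-mac-then-encrypt")
    if not kx.startswith(("ECDHE_", "DHE_")):
        findings.append("no-forward-secrecy")  # static RSA key exchange
    return findings

def audit_profile(profile):
    """Map each weak suite in a profile to its findings; empty dict means none."""
    return {s: f for s in PROFILES[profile] if (f := audit_suite(s))}

if __name__ == "__main__":
    for profile in PROFILES:
        print(profile, audit_profile(profile) or "no findings")
```

Of the profiles included, only Non-downgrading BCP 195 TLS returns no findings; BCP 195 TLS is flagged because it still lists the AES-CBC and 3DES suites alongside the GCM ones.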