DICOM TLS Options dialog box

Note: The DICOM TLS Options dialog box is similar to the TCP/IP protocol's SSL dialog box. See TCP/IP protocol.

A TLS configuration panel is available where you can configure the related fields.

The SCP and SCU options support TLS configuration on the DICOM Protocol Properties dialog box.

If Require Peer Certificate is selected in Peer Authentication, then these are required:

  • CA Path
  • CA File
  • Certificate File
  • Private Key
  • Password

Peer Authentication

The peer certificate is checked when Require Peer Certificate is selected.

When Verify Peer Certificate is selected, the peer certificate is verified. Verification fails when no certificate is present.

When Ignore Peer Certificate is selected, the peer certificate is not verified.

Security Profile

Security profile cipher suites:

Security Profile: BCP 195 TLS
Function: Enables TLS1.3
Cipher suites:

  • TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
  • TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
  • TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
  • TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
  • TLS_RSA_WITH_AES_128_CBC_SHA
  • TLS_RSA_WITH_3DES_EDE_CBC_SHA

Security Profile: Non-downgrading BCP 195 TLS
Function: Enables TLS1.3
Cipher suites:

  • TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
  • TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
  • TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
  • TLS_DHE_RSA_WITH_AES_256_GCM_SHA384

Security Profile: Extended BCP 195 TLS
Function: Disables TLS1.3
Cipher suites:

  • TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
  • TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
  • TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
  • TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
  • TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
  • TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
  • TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
  • TLS_RSA_WITH_NULL_SHA

Security Profile: Basic TLS Secure Transport Connection
Function: Disables TLS1.3
Cipher suites:

  • TLS_RSA_WITH_3DES_EDE_CBC_SHA

Security Profile: AES TLS Secure Transport Connection
Function: Disables TLS1.3
Cipher suites:

  • TLS_RSA_WITH_AES_128_CBC_SHA
  • TLS_RSA_WITH_3DES_EDE_CBC_SHA

Security Profile: Authenticated unencrypted communication
Function: Disables TLS1.3
Cipher suites:

  • TLS_RSA_WITH_NULL_SHA
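
To help choose a profile, the following added example (not part of the product or of DCMTK) parses the cipher suite names listed above and reports, per profile, which suites lack encryption, use 3DES or CBC, or have no ephemeral key exchange. The function names and the wording of the findings are assumptions made for this illustration.

```python
import re

# Cipher suites per security profile, copied from the list on this page
# (a suite listed twice in one profile is entered once).
GCM = [f"TLS_{kx}_RSA_WITH_AES_{c}" for kx in ("ECDHE", "DHE")
       for c in ("128_GCM_SHA256", "256_GCM_SHA384")]
ECDSA = ["TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
         "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256"]
AES_CBC, TDES, NULL = ("TLS_RSA_WITH_AES_128_CBC_SHA",
                       "TLS_RSA_WITH_3DES_EDE_CBC_SHA", "TLS_RSA_WITH_NULL_SHA")
PROFILES = {
    "BCP 195 TLS": GCM + [AES_CBC, TDES],
    "Non-downgrading BCP 195 TLS": GCM,
    "Extended BCP 195 TLS": GCM + ECDSA + [NULL],
    "Basic TLS Secure Transport Connection": [TDES],
    "AES TLS Secure Transport Connection": [AES_CBC, TDES],
    "Authenticated unencrypted communication": [NULL],
}
# TLS_<key exchange/auth>_WITH_<cipher>_<MAC or PRF hash>
SUITE_RE = re.compile(r"^TLS_(?P<kx>\w+?)_WITH_(?P<enc>\w+)_(?P<mac>SHA\d*)$")

def audit_suite(name):
    """Return the weaknesses implied by an IANA TLS cipher suite name."""
    m = SUITE_RE.match(name)
    if not m:
        return ["unparseable suite name"]
    kx, enc = m["kx"], m["enc"]
    findings = []
    if enc == "NULL":
        findings.append("no encryption (integrity only)")
    if enc.startswith("3DES"):
        findings.append("3DES: 64-bit block cipher")
    if enc.endswith("CBC"):
        findings.append("CBC mode, not AEAD")
    if not kx.startswith(("ECDHE", "DHE")):
        findings.append("no ephemeral key exchange: no forward secrecy")
    return findings

def audit_profiles(profiles=PROFILES):
    """Map each profile to {suite: findings} for its flagged suites only."""
    return {p: {s: audit_suite(s) for s in suites if audit_suite(s)}
            for p, suites in profiles.items()}

if __name__ == "__main__":
    for profile, flagged in audit_profiles().items():
        print(f"{profile}: {len(flagged)} flagged suite(s)")
        for suite, findings in flagged.items():
            print(f"  {suite}: {'; '.join(findings)}")
```
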

If TLS1.3 is disabled and the DCMTK library is compiled with OpenSSL 1.1.1 or newer, then the supported TLS protocol version is TLS1.2.

In CIS 20.1.2, the DCMTK version is dcmtk-3.6.6, compiled with openssl-1.1.1k.

Security profiles that disable TLS1.0 and TLS1.1:

  • Non-downgrading BCP 195 TLS
  • Extended BCP 195 TLS