dcmtls: security extensions for the network library

This module contains classes that implement DICOM network communication tunneled through a Transport Layer Security (TLS) connection, conforming to the DICOM "Security Enhancements One" extension (formerly Supplement 31). This module requires the external OpenSSL library.

The main interface classes are:

• DcmTLSTransportLayer
• DcmTLSConnection

Files

The following files provide further documentation:

• ciphers.txt file
• randseed.txt file

Examples

The following example shows a code fragment that enables TLS for an association requestor application. The complete network initialization code is not shown here and most error checking code is omitted for brevity.

T_ASC_Network *net;        // network initialization code not shown,
T_ASC_Parameters *params;  // we just assume these pointers to be valid

DcmTLSTransportLayer::initializeOpenSSL(); // initialize OpenSSL library

// create TLS object that initializes the random generator through a file
// "random.dat" containing random data (1 kByte is sufficient).
DcmTLSTransportLayer *tLayer = new DcmTLSTransportLayer(
  NET_REQUESTOR, "random.dat");

if (TCS_ok != tLayer->setPrivateKeyFile("privkey.pem", SSL_FILETYPE_PEM))
{
  cerr << "unable to load private key" << endl;
  return;
}
if (TCS_ok != tLayer->setCertificateFile("certificate.pem", SSL_FILETYPE_PEM))
{
  cerr << "unable to load certificate" << endl;
  return;
}

// enable the ciphersuites for the BCP 195 secure transport profile
tLayer->setTLSProfile(TSP_Profile_BCP195);
tLayer->activateCipherSuites();

// accept any certificate from the remote site (not recommended)
tLayer->setCertificateVerification(DCV_ignoreCertificate);

// register and activate TLS layer
ASC_setTransportLayer(net, tLayer, 1);
ASC_setTransportLayerType(params, 1);