Conformance #1030

closed

DICOM supplement 230 replaces all TLS profiles

Added by Marco Eichelberg about 3 years ago. Updated over 2 years ago.

Status: Closed
Priority: Normal
Category: Library and Apps
Target version:
Start date: 2022-07-20
Due date:
% Done: 100%
Estimated time: 25:00 h
Module: dcmtls
Operating System:
Compiler:

Description

With DICOM supplement 230 (in public comment as of July 2022), all existing TLS profiles will be retired and replaced by two new TLS profiles:
  • BCP 195 RFC 8996 TLS Secure Transport Connection Profile
  • Extended BCP 195 RFC 8996 TLS Secure Transport Connection Profile

This will require implementation of the new profiles in the dcmtls module and appropriate command line options in all command line tools that support TLS.

The differences between the current "Non-Downgrading BCP 195 TLS Secure Transport Connection Profile" and the new "BCP 195 RFC 8996 TLS Secure Transport Connection Profile" seem to be very small. It seems that the only differences are that TLS 1.3 must now be preferred over TLS 1.2 when both are available (which we do anyway), and that additional ciphersuites may only be supported if they are of similar or greater strength than the four default ones. (Note that this analysis is based on the public comment version, not the final text.)

The differences between the two Extended profiles have to be analyzed in more detail.
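The requirements summarised in the description can be checked against a concrete TLS configuration. The following is an added example, not DCMTK or dcmtls code: it uses Python's `ssl` module to build a client context with a TLS 1.2 floor and to audit any context against the points in the ticket. It assumes the "four default ones" are the four suites recommended by BCP 195 (RFC 7525, section 4.2); `BASELINE`, `make_context` and `audit` are hypothetical names.

```python
import ssl

# OpenSSL names of the four suites recommended by BCP 195 (RFC 7525, section 4.2).
# Assumption: these are the "four default ones" the ticket refers to.
BASELINE = {
    "ECDHE-RSA-AES128-GCM-SHA256",
    "DHE-RSA-AES128-GCM-SHA256",
    "ECDHE-RSA-AES256-GCM-SHA384",
    "DHE-RSA-AES256-GCM-SHA384",
}


def make_context():
    """Client context: TLS 1.2 floor, no version ceiling, baseline suites only."""
    ctx = ssl.create_default_context(ssl.Purpose.SERVER_AUTH)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2  # RFC 8996: no TLS 1.0/1.1
    ctx.maximum_version = ssl.TLSVersion.MAXIMUM_SUPPORTED  # allow TLS 1.3
    ctx.set_ciphers(":".join(sorted(BASELINE)))  # only affects TLS 1.2 and below
    return ctx


def audit(ctx):
    """Return a list of findings; an empty list means nothing to review."""
    findings = []
    # MINIMUM_SUPPORTED is a negative sentinel, so it is also caught here.
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        findings.append("protocol floor is below TLS 1.2")
    capped = ctx.maximum_version not in (
        ssl.TLSVersion.MAXIMUM_SUPPORTED,
        ssl.TLSVersion.TLSv1_3,
    )
    if ssl.HAS_TLSv1_3 and capped:
        findings.append("TLS 1.3 is disabled, so it cannot be preferred")
    for cipher in ctx.get_ciphers():
        # TLS 1.3 suites are negotiated separately from the TLS 1.2 list.
        if cipher["protocol"] != "TLSv1.3" and cipher["name"] not in BASELINE:
            findings.append("extra suite needs strength review: " + cipher["name"])
    return findings


if __name__ == "__main__":
    print("hardened:", audit(make_context()))
    print("library default:", audit(ssl.create_default_context()))
```

Suites outside the baseline are reported for review rather than rejected, because the profile as described allows additional suites of similar or greater strength.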
