Project

General

Profile

Actions

Conformance #792

closed

Implement support for the new TLS Security Profiles (Supplement 204)

Added by Marco Eichelberg almost 8 years ago. Updated over 7 years ago.

Status:
Closed
Priority:
Normal
Assignee:
-
Category:
Library and Apps
Target version:
-
Start date:
2017-09-26
Due date:
% Done:

100%

Estimated time:
Module:
dcmtls
Operating System:
Compiler:

Description

Two new Secure Connection profiles are added to make DICOM consistent with the latest RFCs and best practices for TLS security. These are:

  1. A Best Practices TLS Profile that requires compliance with the IETF BCP 195 Recommendations for Secure Use of Transport Layer Security (TLS) and Datagram Transport Layer Security (DTLS). This profile requires that TLS negotiation start with the strong security protection parameters, and allows progressive negotiation of weaker protection down to a minimum protection limit.
  2. A Non-Downgrading Best Practices TLS Profile that does not permit negotiation of weaker protections. This profile will refuse a connection that is not the initial strong level of protection.
    The old Basic TLS Secure Transport Connection Profile is retired. IETF considers it inadequate security, because the methods for breaking in are well known. Implementations that use it will not interoperate with the Best Practices TLS Profile.

The old AES TLS Secure Transport Connection Profile is retired. Implementations that use it will not interoperate with the Non-Downgrading Best Practices TLS Profile. Implementations that use it will interoperate with the Best Practices TLS Profile because it is acceptable as one of the lower levels of protection that can be negotiated.


Related issues 1 (0 open1 closed)

Related to DCMTK - Feature #812: Update list of supported TLS ciphersuites in DCMTKClosed2018-02-13

Actions
Actions #1

Updated by Jörg Riesmeier over 7 years ago

  • Related to Feature #812: Update list of supported TLS ciphersuites in DCMTK added
Actions #2

Updated by Marco Eichelberg over 7 years ago

  • Status changed from New to Closed
  • % Done changed from 0 to 100

Closed by commits #bd4f159 to #e54a53a.

Actions

Also available in: Atom PDF