Actions
Conformance #792
closed
Implement support for the new TLS Security Profiles (Supplement 204)
Status:
Closed
Priority:
Normal
Assignee:
-
Category:
Library and Apps
Target version:
-
Start date:
2017-09-26
Due date:
% Done:
100%
Estimated time:
Module:
dcmtls
Operating System:
Compiler:
Description
Two new Secure Connection profiles are added to make DICOM consistent with the latest RFCs and best practices for TLS security. These are:
- A Best Practices TLS Profile that requires compliance with the IETF BCP 195 Recommendations for Secure Use of Transport Layer Security (TLS) and Datagram Transport Layer Security (DTLS). This profile requires that TLS negotiation start with the strong security protection parameters, and allows progressive negotiation of weaker protection down to a minimum protection limit.
- A Non-Downgrading Best Practices TLS Profile that does not permit negotiation of weaker protections. This profile will refuse a connection that is not the initial strong level of protection.
The old Basic TLS Secure Transport Connection Profile is retired. IETF considers it inadequate security, because the methods for breaking in are well known. Implementations that use it will not interoperate with the Best Practices TLS Profile.
The old AES TLS Secure Transport Connection Profile is retired. Implementations that use it will not interoperate with the Non-Downgrading Best Practices TLS Profile. Implementations that use it will interoperate with the Best Practices TLS Profile because it is acceptable as one of the lower levels of protection that can be negotiated.
Updated by Jörg Riesmeier over 7 years ago
- Related to Feature #812: Update list of supported TLS ciphersuites in DCMTK added
Updated by Marco Eichelberg over 7 years ago
- Status changed from New to Closed
- % Done changed from 0 to 100
Closed by commits #bd4f159 to #e54a53a.
Actions