Bug #799

closed

DCMTK 3.6.2 TLS binaries for Windows do not support 3DES

Added by Marco Eichelberg almost 8 years ago. Updated over 7 years ago.

Status: Closed
Priority: High
Assignee: Jan Schlamelcher
Category: Application
Start date: 2017-11-03
% Done: 100%
Operating System: Windows

Description

The TLS-enabled Windows binaries for DCMTK 3.6.2 have been compiled with OpenSSL 1.1.0.
OpenSSL 1.1.0 by default does not support 3DES ciphers anymore; these have to be explicitly enabled at compile time by configuring OpenSSL with the “enable-weak-ssl-ciphers” option.
However, the DICOM Basic Security Profile still uses 3DES (TLS_RSA_WITH_3DES_EDE_CBC_SHA); therefore, updated binaries with enabled 3DES support should be provided (and the internal OpenSSL nightly build should be adapted accordingly).

See also: https://www.openssl.org/blog/blog/2016/08/24/sweet32/

Actions #1

Updated by Jan Schlamelcher over 7 years ago

  • Status changed from New to Closed
  • % Done changed from 0 to 100

The OpenSSL binaries for release 3.6.3 were built with the “enable-weak-ssl-ciphers” option and the Windows DCMTK binaries have been built using these OpenSSL binaries. Tests showed that DCMTK binaries don't need to be recompiled for enabling TLS_RSA_WITH_3DES_EDE_CBC_SHA anyway, replacing the OpenSSL DLLs is sufficient.
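The following check is an added example, not part of the original ticket or of DCMTK: it reports whether an OpenSSL build still contains TLS_RSA_WITH_3DES_EDE_CBC_SHA (OpenSSL name `DES-CBC3-SHA`). It assumes Python's `ssl` module and inspects the libssl that the interpreter is linked against, so it stands in for, and does not test, the OpenSSL DLLs shipped with DCMTK; the second suite in the table is a reference entry chosen here for comparison.

```python
import ssl

# IANA suite name from the report mapped to OpenSSL's own name for it.
SUITES = {
    "TLS_RSA_WITH_3DES_EDE_CBC_SHA": "DES-CBC3-SHA",
    # Reference suite expected in any TLS 1.2 capable build (added for comparison).
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256": "ECDHE-RSA-AES128-GCM-SHA256",
}


def cipher_available(openssl_name):
    """True if the libssl linked into this interpreter was built with the suite."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    try:
        # @SECLEVEL=0 lifts run-time policy so only the build-time set decides.
        # The context is never used for a connection.
        ctx.set_ciphers(openssl_name + ":@SECLEVEL=0")
    except ssl.SSLError:
        return False  # nothing selectable: the suite is unknown or compiled out
    # TLS 1.3 suites can be listed regardless of the filter, so match the exact name.
    return any(c["name"] == openssl_name for c in ctx.get_ciphers())


def build_report():
    """Collect the library version and the availability of each suite in SUITES."""
    return {
        "openssl": ssl.OPENSSL_VERSION,
        "suites": {iana: cipher_available(name) for iana, name in SUITES.items()},
    }


if __name__ == "__main__":
    report = build_report()
    print(report["openssl"])
    for iana, ok in report["suites"].items():
        print(f"{'available' if ok else 'missing  '}  {iana}")
```

A build configured without “enable-weak-ssl-ciphers” reports the 3DES suite as missing while the reference suite stays available.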
