Bug #799: DCMTK 3.6.2 TLS binaries for Windows do not support 3DES - DCMTK - OFFIS DCMTK and DICOM Projects

Actions

Copy link

Bug #799

closed

DCMTK 3.6.2 TLS binaries for Windows do not support 3DES

Added by Marco Eichelberg almost 8 years ago. Updated over 7 years ago.

Status:

Closed

Priority:

High

Assignee:

Jan Schlamelcher

Category:

Application

Target version:

3.6.3

Start date:

2017-11-03

Due date:

% Done:

100%

Estimated time:

Module:

Operating System:

Windows

Compiler:

Description

The TLS-enabled Windows binaries for DCMTK 3.6.2 have been compiled with OpenSSL 1.1.0.
OpenSSL 1.1.0 by default does not support 3DES ciphers anymore, these have to be explicitly enabled at compile time by configuring OpenSSL with the “enable-weak-ssl-ciphers” option.
However, the DICOM Basic Security Profile still uses 3DES (TLS_RSA_WITH_3DES_EDE_CBC_SHA), therefore updated binaries with enabled 3DES support should be provided
(and the internal OpenSSL nightly build should be adapted accordingly).

See also: https://www.openssl.org/blog/blog/2016/08/24/sweet32/

Actions

Copy link

Updated by Jan Schlamelcher over 7 years ago

Status changed from New to Closed
% Done changed from 0 to 100

The OpenSSL binaries for release 3.6.3 were built with the “enable-weak-ssl-ciphers” option and the Windows DCMTK binaries have be built using these OpenSSL binaries. Tests showed that DCMTK binaies don't need to be recompiled for enabling TLS_RSA_WITH_3DES_EDE_CBC_SHA anyway, replacing the OpenSSL DLLs is sufficient.

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

DCMTK

Bug #799

DCMTK 3.6.2 TLS binaries for Windows do not support 3DES

Updated by Jan Schlamelcher over 7 years ago