Hi,
I checked configuration options and source code, is it correct that it is currently not possible to configure DCM TLS with a minimum TLS version (1.2 and up) and a restricted cipher set, therefore relying on the dcmtk defaults?
A quick test revealed TLS 1.0 and 1.1 are not accepted, so probably the dcmtk defaults are reviewed and updated frequently. It would be nice to have a bit more control though.
Regards
Walco
Hi Walco,
I quickly checked the DCMTK code and it seems that it enables all TLS versions up to 1.2.
Could you share a few test command/script that would demonstrate what you exactly want to achieve ?
Best regards,
Alain.
Hi Walco,
For the record, pasting here the info you sent me through a private message:
“”"
My goal is to configure Orthanc such that a secure TLS version and cipher is negotiated.
To, test I ran sslscan localhost:4242, but openssl s_client -connect localhost:4242 -tls1 should result in a handshake failure as well.
“”"
At this point, I’m adding a TODO in Orthanc but no idea when this will be implemented: https://hg.orthanc-server.com/orthanc/rev/feeb73a7456a
Hi @walco
I have been working on DICOM TLS these days so I’m re-opening this topic.
I’m currently working on an option to select the minimum protocol version but, since we are using BCP195 profile, only TLS v1.2 and TLS v1.3 are enabled by default.
Is your intention to be able to work with older TLS versions like 1.1 or 1.0 ? Or are you actually willing to e.g disable v1.2 to keep only v1.3 ?
If you are willing to force v1.3, does it still make sense to select cipher suites manually since it seems only 2 cipher suites are proposed with TLS v1.3 ?
My intention is to keep the orthanc configuration file as simple as possible 
FYI, here’s the sslscan output once I disable TLS v1.2:
docker run --rm -it shamelesscookie/sslscan:latest host.docker.internal:4243
...
Testing SSL server host.docker.internal on port 4243 using SNI name host.docker.internal
SSL/TLS Protocols:
SSLv2 disabled
SSLv3 disabled
TLSv1.0 disabled
TLSv1.1 disabled
TLSv1.2 disabled
TLSv1.3 enabled
...
Supported Server Cipher(s):
Preferred TLSv1.3 256 bits TLS_AES_256_GCM_SHA384 Curve P-256 DHE 256
Accepted TLSv1.3 128 bits TLS_AES_128_GCM_SHA256 Curve P-256 DHE 256
Thanks for your feedback
Alain.
Hi Alain!
Thanks for revisiting this topic!
So if we want to keep things simple, selecting on minimum protocol level is easiest I think, where selecting TLS 1.3 as the baseline has the advantage that you don’t need to worry about weak ciphers and thus the necessity of an additional allowed cipher configuration.
TLS v1.2 as a protocol is also still safe, however it defines a number of ciphers that are insecure and need to be excluded from the proposed cipher set. What does a sslscan yield if one enables TLS v1.2 ?
Regards
Walco
Here’s the output of sslscan with the default Orthanc configuration:
docker run --rm -it shamelesscookie/sslscan:latest host.docker.internal:4243
...
SSL/TLS Protocols:
SSLv2 disabled
SSLv3 disabled
TLSv1.0 disabled
TLSv1.1 disabled
TLSv1.2 enabled
TLSv1.3 enabled
TLS Fallback SCSV:
Server supports TLS Fallback SCSV
TLS renegotiation:
Session renegotiation not supported
TLS Compression:
Compression disabled
Heartbleed:
TLSv1.3 not vulnerable to heartbleed
TLSv1.2 not vulnerable to heartbleed
Supported Server Cipher(s):
Preferred TLSv1.3 256 bits TLS_AES_256_GCM_SHA384 Curve P-256 DHE 256
Accepted TLSv1.3 128 bits TLS_AES_128_GCM_SHA256 Curve P-256 DHE 256
Preferred TLSv1.2 256 bits ECDHE-RSA-AES256-GCM-SHA384 Curve P-256 DHE 256
Accepted TLSv1.2 256 bits DHE-RSA-AES256-GCM-SHA384 DHE 2048 bits
Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-GCM-SHA256 Curve P-256 DHE 256
Accepted TLSv1.2 128 bits DHE-RSA-AES128-GCM-SHA256 DHE 2048 bits
Accepted TLSv1.2 128 bits AES128-SHA
Accepted TLSv1.2 112 bits DES-CBC3-SHA
Are there any ciphers there that some users would want to disable ?
Thanks for your help,
Alain
Hi @alainmazy !
Sorry had missed this message…
Yep, these are problematic:
DHE-RSA-AES256-GCM-SHA384
DES-CBC3-SHA
DHE-RSA-AES128-GCM-SHA256
(you can check cipher suites here in general Ciphersuite Info)
Regards
Walco
Hi @walco ,
Thanks for your feedback. I have added these 2 configurations and was therefore able to disable some of the ciphers. Can you validate that this is suitable ?
Note that you can already play with it in orthancteam/orthanc-pre-release:master-unstable
// Sets the minimum accepted TLS protocol version for the DICOM server
// By default, require TLS 1.2 or 1.3. This option is only meaningful
// if "DicomTlsEnabled" is true (new in Orthanc 1.12.4).
// Note that, internally, Orthanc is configured to use the BCP195 profile
// by default. As soon as you switch to another protocol version, you
// must also provide the list of supported cipher suites.
// This configuration applies to Orthanc acting both as SCU and SCP.
// Value => Protocols
// 0 use default BCP 195 profile and default cipher suites
// 1 SSL3+TLS1.0+TLS1.1+TLS1.2+TLS1.3
// 2 TLS1.0+TLS1.1+TLS1.2+TLS1.3
// 3 TLS1.1+TLS1.2+TLS1.3
// 4 TLS1.2+TLS1.3
// 5 TLS1.3
"DicomTlsMinimumProtocolVersion" : 0,
// Set the accepted ciphers for TLS connections for the DICOM server.
// The ciphers must be provided as a list of strings. If not set,
// this will default to BCP195 ciphers if DicomTlsMinimumProtocolVersion is 0
// or to an empty list for other values. This option is only
// meaningful if "DicomTlsEnabled" is true. (new in Orthanc 1.12.4).
// This configuration must be provided if DicomTlsMinimumProtocolVersion != 0.
// The list of valid cipher names are available in
// https://www.openssl.org/docs/man3.3/man1/openssl-ciphers.html
// The OpenSSL names are used.
/**
"DicomTlsCiphersAccepted" : []
**/
Best regards,
Alain.