Revisiting implementation of DICOM TLS for one of our Orthanc Instances to provide some connectivity to remote systems. I was reading through the online documentation again and either missed this note, or it was added recently:
https://book.orthanc-server.com/faq/dicom-tls.html
Important: DCMTK 3.6.4 seems to have an issue with DICOM TLS, which produces the errors DUL secure transport layer: no suitable signature algorithm (in the DICOM SCP) and DUL secure transport layer: sslv3 alert handshake failure (in the DICOM SCU). This problem is not specific to Orthanc, as it also occurs between two command-line tools of the DCMTK 3.6.4 suite. Make sure to use either DCMTK 3.6.2 or DCMTK 3.6.6. In particular, Debian Buster (10) uses DCMTK 3.6.4 and should be avoided in non-static builds of Orthanc, or if using the DCMTK command-line tools.
That is precisely the error that I was getting when doing some initial testing in my dev environment. I have 3 instances of Orthanc running as Docker Containers, only 1 of which I am using to test the TLS setup. Not really clear to me how to check the dcmtk version of if that even applies to the Osimis images. I was able to check the Debian version though by:
apt-get install lsb-release
lsb_release -a
No LSB modules are available.
Distributor ID: Debian
Description: Debian GNU/Linux 10 (buster)
Release: 10
Codename: buster
Just wondering if that is an issue with the Osimis images. I have custom Docker Builds for Orthanc, but my starting point is osimis/orthanc.
Looks like that issue was previously addressed:
- upgraded DCMTK to 3.6.6 with static build to fix some DICOM TLS issues in Orthanc
Is there something else that needs to be added to support TLS using the Osimis Docker Images ?
/sds