DICOM TLS with Osimis Images, ? Debian Version

Revisiting implementation of DICOM TLS for one of our Orthanc Instances to provide some connectivity to remote systems. I was reading through the online documentation again and either missed this note, or it was added recently:

https://book.orthanc-server.com/faq/dicom-tls.html

Important: DCMTK 3.6.4 seems to have an issue with DICOM TLS, which produces the errors DUL secure transport layer: no suitable signature algorithm (in the DICOM SCP) and DUL secure transport layer: sslv3 alert handshake failure (in the DICOM SCU). This problem is not specific to Orthanc, as it also occurs between two command-line tools of the DCMTK 3.6.4 suite. Make sure to use either DCMTK 3.6.2 or DCMTK 3.6.6. In particular, Debian Buster (10) uses DCMTK 3.6.4 and should be avoided in non-static builds of Orthanc, or if using the DCMTK command-line tools.

That is precisely the error that I was getting when doing some initial testing in my dev environment. I have 3 instances of Orthanc running as Docker Containers, only 1 of which I am using to test the TLS setup. Not really clear to me how to check the dcmtk version of if that even applies to the Osimis images. I was able to check the Debian version though by:

apt-get install lsb-release

lsb_release -a

No LSB modules are available.
Distributor ID: Debian
Description: Debian GNU/Linux 10 (buster)
Release: 10
Codename: buster

Just wondering if that is an issue with the Osimis images. I have custom Docker Builds for Orthanc, but my starting point is osimis/orthanc.

Looks like that issue was previously addressed:

  • upgraded DCMTK to 3.6.6 with static build to fix some DICOM TLS issues in Orthanc

Is there something else that needs to be added to support TLS using the Osimis Docker Images ?

/sds

Hi Stephen,

No, nothing else is required as soon as you use version 21.8.2 or higher.

I have tested it with this demo setup: https://bitbucket.org/osimis/orthanc-setup-samples/src/master/docker/dicom-tls/

Best regards,

Alain.

OK. Thanks. I take it if I want to “settle” on a particular recent version I can just use osimis/orthanc:21.10.0 with that tag ? It might be that I have a build from an earlier version of your images where the fix was not yet implemented. Might solve my problem.

/sds

Yes, it is actually always recommended to use a specific version tag in all your build/compose files to make sure you know exactly what version is running.
When you don’t specify any tag, it actually gets the “latest” which changes every few weeks → depending on when you’ve pulled the image, you’ll get a different one.

Alain.