Help With Association Failed Tls error when pacs sends data to orthanc

adnan_khan1 · September 5, 2025, 9:42am

I have already configured a TLS version of Orthanc and am getting errors. The key issue is an “Association failed: TLS error: unsupported protocol,” as well as other issues. I will share the logs and my configuration below.i tried nmap and it shows the tls configured the nmap is given below also i troed minimumtlsversion 0 didnt work.

My Configuration and Logs

Generated Configuration File

JSON

{
  "Plugins": [
    "/usr/share/orthanc/plugins"
  ],
  "Name": "Orthanc TLS on Azure",
  "RemoteAccessAllowed": true,
  "HttpDescribeErrors": true,
  "AuthenticationEnabled": true,
  "RegisteredUsers": {
    "redacted": "redacted!",
    "redacted": "redacted!",
    "redacted": "redacted",
    "redacted": "redacted"
  },
  "DicomAet": "ORTHANC_TLS",
  "DicomPort": 4242,
  "DicomServerEnabled": true,
  "DicomAlwaysAllowStore": true,
  "DicomCheckCalledAet": false,
  "DicomCheckModalityHost": false,
  "DicomTlsEnabled": true,
  "DicomTlsCertificate": "/etc/letsencrypt/live/orthanc-rsa/fullchain.pem",
  "DicomTlsPrivateKey": "/etc/letsencrypt/live/orthanc-rsa/privkey.pem",
  "DicomTlsTrustedCertificates": "/etc/ssl/certs/ca-certificates.crt",
  "DicomTlsRemoteCertificateRequired": false,
  "DicomTlsMinimumProtocolVersion": 3,
  "DicomTlsCiphersAccepted": [
    "ECDHE-RSA-AES128-GCM-SHA256",
    "ECDHE-RSA-AES256-GCM-SHA384",
    "DHE-RSA-AES128-GCM-SHA256",
    "DHE-RSA-AES256-GCM-SHA384",
    "AES128-GCM-SHA256",
    "AES256-GCM-SHA384",
    "ECDHE-RSA-CHACHA20-POLY1305",
    "DHE-RSA-CHACHA20-POLY1305",
    "ECDHE-RSA-AES128-SHA256",
    "ECDHE-RSA-AES256-SHA384",
    "AES128-SHA256",
    "AES256-SHA256",
    "DHE-RSA-AES128-SHA256",
    "DHE-RSA-AES256-SHA256",
    "ECDHE-RSA-AES128-SHA",
    "ECDHE-RSA-AES256-SHA",
    "AES128-SHA",
    "AES256-SHA",
    "DHE-RSA-AES128-SHA",
    "DHE-RSA-AES256-SHA"
  ],
  "LogImportedResources": true,
  "LogExportedResources": true,
  "StorageCompression": true,
  "MaximumPatientCount": 0,
  "MaximumStorageSize": 0,
  "StorageDirectory": "/mnt/orthanc-storage",
  "HttpsCACertificates": "/etc/ssl/certs/ca-certificates.crt",
  "DicomWeb": {
    "Enable": true,
    "EnableQido": true,
    "EnableStow": true,
    "EnableWado": true,
    "Root": "/dicom-web/"
  },
  "OrthancExplorer2": {
    "Enable": true,
    "IsDefaultOrthancUI": true
  },
  "PostgreSQL": {
    "EnableIndex": true,
    "EnableStorage": false,
    "Host": "redacted",
    "Port": 5432,
    "Database": "orthanc_tls_prod_db",
    "Username": "redacted",
    "Password": "redacted",
    "EnableSsl": true,
    "Lock": false
  },
  "DicomModalities": {
    "SLICER_TLS": {
      "AET": "RADIANT",
      "Host": "182.184.225.250",
      "Port": 11112,
      "UseDicomTls": true
    },
    "REMOTE_DICOMPACS": {
      "AET": "DICOMPACS",
      "Host": "24.73.5.39",
      "Port": 104,
      "UseDicomTls": true
    },
    "BRHDGEMRMRI_TLS": {
      "AET": "BRHDGEMRMRI",
      "Host": "10.131.120.81",
      "Port": 4243,
      "UseDicomTls": true
    },
    "BRHDMR1M001A_TLS": {
      "AET": "BRHDMR1M001A",
      "Host": "10.131.121.84",
      "Port": 4243,
      "UseDicomTls": true
    },
    "BRHDGECT64ED_TLS": {
      "AET": "BRHDGECT64ED",
      "Host": "10.131.120.90",
      "Port": 4243,
      "UseDicomTls": true
    },
    "BRHDGECT64CT_TLS": {
      "AET": "BRHDGECT64CT",
      "Host": "10.131.120.95",
      "Port": 4243,
      "UseDicomTls": true
    },
    "BRHDGECT16ER_TLS": {
      "AET": "BRHDGECT16ER",
      "Host": "10.131.120.96",
      "Port": 4243,
      "UseDicomTls": true
    },
    "BRHDGE9CT001_TLS": {
      "AET": "BRHDGE9CT001",
      "Host": "10.137.74.105",
      "Port": 4243,
      "UseDicomTls": true
    },
    "BRHDGE8CT001_TLS": {
      "AET": "BRHDGE8CT001",
      "Host": "10.139.202.42",
      "Port": 4243,
      "UseDicomTls": true
    },
    "BRHDGERCT001_TLS": {
      "AET": "BRHDGERCT001",
      "Host": "10.139.246.46",
      "Port": 4243,
      "UseDicomTls": true
    },
    "BRHDGEWCT001_TLS": {
      "AET": "BRHDGEWCT001",
      "Host": "10.145.66.41",
      "Port": 4243,
      "UseDicomTls": true
    },
    "BRHDGELCT001_TLS": {
      "AET": "BRHDGELCT001",
      "Host": "10.145.58.41",
      "Port": 4243,
      "UseDicomTls": true
    },
    "BRHDEDNM003A_TLS": {
      "AET": "BRHDEDNM003A",
      "Host": "10.141.245.136",
      "Port": 4243,
      "UseDicomTls": true
    },
    "BRHDRADWORKS_TLS": {
      "AET": "BRHDRADWORKS",
      "Host": "10.131.120.146",
      "Port": 4243,
      "UseDicomTls": true
    },
    "CSBHRD1M001B_TLS": {
      "AET": "CSBHRD1M001B",
      "Host": "10.131.104.146",
      "Port": 4243,
      "UseDicomTls": true
    },
    "CSBHGERD01CT_TLS": {
      "AET": "CSBHGERD01CT",
      "Host": "10.131.104.146",
      "Port": 4243,
      "UseDicomTls": true
    },
    "BRHDMKVAPPS02V1_TLS": {
      "AET": "BRHDMKVAPPS02V1",
      "Host": "10.139.8.248",
      "Port": 4243,
      "UseDicomTls": true
    }
  },
  "Gdcm": {
    "Throttling": 4,
    "RestrictTransferSyntaxes": [
      "1.2.840.10008.1.2.4.90",
      "1.2.840.10008.1.2.4.91",
      "1.2.840.10008.1.2.4.92",
      "1.2.840.10008.1.2.4.93"
    ]
  }
}

adnan_khan1 · September 5, 2025, 9:43am

Orthanc Startup Logs

```
generating temporary configuration file in /tmp/orthanc.json
Startup command: exec "Orthanc --verbose /etc/orthanc/orthanc.json"
W0903 09:57:45.975377      MAIN main.cpp:2128] Orthanc version: 1.12.9
I0903 09:57:45.975447      MAIN main.cpp:2160] Architecture: 64-bit, little endian
W0903 09:57:45.975514      MAIN OrthancConfiguration.cpp:59] Reading the configuration from: "/etc/orthanc/orthanc.json"
I0903 09:57:45.975815      MAIN Toolbox.cpp:1760] Using locale: "en_US.UTF-8" for case-insensitive comparison of strings
I0903 09:57:45.975939      MAIN Toolbox.cpp:2069] OpenSSL version: OpenSSL 3.1.4
I0903 09:57:45.976373      MAIN FromDcmtkBridge.cpp:363] (dicom) Using DCMTK version: 369
I0903 09:57:45.976421      MAIN FromDcmtkBridge.cpp:371] (dicom) Loading the embedded dictionaries
I0903 09:57:45.982699      MAIN FromDcmtkBridge.cpp:383] (dicom) Loading the embedded dictionary of private tags
I0903 09:57:45.986468      MAIN FromDcmtkBridge.cpp:2623] (dicom) Registering JPEG Lossless codecs in DCMTK
I0903 09:57:45.986489      MAIN FromDcmtkBridge.cpp:2631] (dicom) Registering JPEG codecs in DCMTK
I0903 09:57:45.986511      MAIN FromDcmtkBridge.cpp:2638] (dicom) Registering RLE codecs in DCMTK
I0903 09:57:45.986527      MAIN Enumerations.cpp:2391] Default encoding for DICOM was changed to: Latin1
I0903 09:57:45.991786      MAIN OrthancInitialization.cpp:405] Calling mallopt(M_ARENA_MAX, 5)
W0903 09:57:45.991923      MAIN main.cpp:952] Loading plugin(s) from: /usr/share/orthanc/plugins
I0903 09:57:45.991958      MAIN PluginsManager.cpp:306] (plugins) Scanning folder /usr/share/orthanc/plugins for plugins
I0903 09:57:45.992049      MAIN PluginsManager.cpp:329] (plugins) Found a shared library: "/usr/share/orthanc/plugins/libOrthancPostgreSQLIndex.so"
W0903 09:57:45.995834      MAIN PluginsManager.cpp:287] Registering plugin 'postgresql-index' (version 9.0)
I0903 09:57:45.995883      MAIN postgresql-index:/Toolbox.cpp:2069] OpenSSL version: OpenSSL 3.0.13 30 Jan 2024
W0903 09:57:45.996100      MAIN postgresql-index:/PostgreSQLParameters.cpp:110] PostgreSQL: using READ COMMITTED transaction mode
W0903 09:57:45.996118      MAIN postgresql-index:/IndexBackend.cpp:3034] The index plugin will use 50 connection(s) to the database, and will retry up to 10 time(s) in the case of a collision
I0903 09:57:45.996137      MAIN OrthancPlugins.cpp:6184] (plugins) Plugin has registered a custom database back-end (v4)
I0903 09:57:45.996197      MAIN OrthancPluginDatabaseV4.cpp:2068] (plugins) Identifier of this Orthanc server for the global properties of the custom database: "844a8815-75574c9d-3cb7d7a9-ef46a077-e6abaa5a"
I0903 09:57:45.996205      MAIN OrthancPlugins.cpp:3142] (plugins) Plugin has registered an AuditLog handler
I0903 09:57:45.996210      MAIN OrthancPlugins.cpp:2883] (plugins) Plugin has registered a REST callback without mutual exclusion on: /plugins/postgresql/audit-logs
I0903 09:57:45.996250      MAIN PluginsManager.cpp:329] (plugins) Found a shared library: "/usr/share/orthanc/plugins/libOrthancGdcm.so"
W0903 09:57:46.003093      MAIN PluginsManager.cpp:287] Registering plugin 'gdcm' (version 1.8)
I0903 09:57:46.003115      MAIN PluginsManager.cpp:162] (plugins) Initializing the decoder/transcoder of medical images using GDCM
W0903 09:57:46.003275      MAIN PluginsManager.cpp:158] Version of GDCM: 3.0.24
W0903 09:57:46.003285      MAIN PluginsManager.cpp:158] GDCM throttling is disabled
I0903 09:57:46.003292      MAIN OrthancPlugins.cpp:3000] (plugins) Plugin has registered a callback to decode DICOM images (1 decoder(s) now active)
I0903 09:57:46.003302      MAIN OrthancPlugins.cpp:3013] (plugins) Plugin has registered a callback to transcode DICOM images (1 transcoder(s) now active)
I0903 09:57:46.003325      MAIN PluginsManager.cpp:329] (plugins) Found a shared library: "/usr/share/orthanc/plugins/libOrthancExplorer2.so"
W0903 09:57:46.003629      MAIN PluginsManager.cpp:287] Registering plugin 'orthanc-explorer-2' (version 1.9.0)
W0903 09:57:46.003927      MAIN PluginsManager.cpp:158] Root URI to the Orthanc-Explorer 2 application: /ui/
I0903 09:57:46.003937      MAIN OrthancPlugins.cpp:2883] (plugins) Plugin has registered a REST callback without mutual exclusion on: /ui/app/customizable/custom.css
I0903 09:57:46.003951      MAIN OrthancPlugins.cpp:2883] (plugins) Plugin has registered a REST callback without mutual exclusion on: /ui/app/assets/(.*)
I0903 09:57:46.003966      MAIN OrthancPlugins.cpp:2883] (plugins) Plugin has registered a REST callback without mutual exclusion on: /ui/app/index.html
I0903 09:57:46.003979      MAIN OrthancPlugins.cpp:2883] (plugins) Plugin has registered a REST callback without mutual exclusion on: /ui/app/token-landing.html
I0903 09:57:46.003988      MAIN OrthancPlugins.cpp:2883] (plugins) Plugin has registered a REST callback without mutual exclusion on: /ui/app/retrieve-and-view.html
I0903 09:57:46.003998      MAIN OrthancPlugins.cpp:2883] (plugins) Plugin has registered a REST callback without mutual exclusion on: /ui/app/inbox.html
I0903 09:57:46.004008      MAIN OrthancPlugins.cpp:2883] (plugins) Plugin has registered a REST callback without mutual exclusion on: /ui/app/favicon.ico
I0903 09:57:46.004017      MAIN OrthancPlugins.cpp:2883] (plugins) Plugin has registered a REST callback without mutual exclusion on: /ui/app/(.*)
I0903 09:57:46.004027      MAIN OrthancPlugins.cpp:2883] (plugins) Plugin has registered a REST callback without mutual exclusion on: /ui/app
I0903 09:57:46.004035      MAIN OrthancPlugins.cpp:2883] (plugins) Plugin has registered a REST callback without mutual exclusion on: /ui/api/configuration
I0903 09:57:46.004045      MAIN OrthancPlugins.cpp:2883] (plugins) Plugin has registered a REST callback without mutual exclusion on: /ui/api/pre-login-configuration
I0903 09:57:46.004054      MAIN OrthancPlugins.cpp:2883] (plugins) Plugin has registered a REST callback without mutual exclusion on: /
I0903 09:57:46.004067      MAIN OrthancPlugins.cpp:2927] (plugins) Plugin has registered an OnChange callback
I0903 09:57:46.004145      MAIN PluginsManager.cpp:329] (plugins) Found a shared library: "/usr/share/orthanc/plugins/libOrthancPostgreSQLStorage.so"
W0903 09:57:46.004526      MAIN PluginsManager.cpp:287] Registering plugin 'postgresql-storage' (version 9.0)
I0903 09:57:46.004556      MAIN postgresql-storage:/Toolbox.cpp:2069] OpenSSL version: OpenSSL 3.0.13 30 Jan 2024
W0903 09:57:46.004782      MAIN postgresql-storage:/StoragePlugin.cpp:59] The PostgreSQL storage area is currently disabled, set "EnableStorage" to "true" in the "PostgreSQL" section of the configuration file of Orthanc
I0903 09:57:46.004803      MAIN PluginsManager.cpp:329] (plugins) Found a shared library: "/usr/share/orthanc/plugins/libOrthancDicomWeb.so"
W0903 09:57:46.005174      MAIN PluginsManager.cpp:287] Registering plugin 'dicom-web' (version 1.21)
I0903 09:57:46.005432      MAIN dicom-web:/Configuration.cpp:324] The DICOMweb plugin reads the DICOMweb servers from the configuration file
W0903 09:57:46.005446      MAIN dicom-web:/Plugin.cpp:635] URI to the DICOMweb REST API: /dicom-web/
I0903 09:57:46.005450      MAIN OrthancPlugins.cpp:2900] (plugins) Plugin has registered a REST callback for chunked streams on: /dicom-web/studies
I0903 09:57:46.005459      MAIN OrthancPlugins.cpp:2900] (plugins) Plugin has registered a REST callback for chunked streams on: /dicom-web/studies/([^/]*)
I0903 09:57:46.005476      MAIN OrthancPlugins.cpp:2883] (plugins) Plugin has registered a REST callback without mutual exclusion on: /dicom-web/instances
I0903 09:57:46.005491      MAIN OrthancPlugins.cpp:2883] (plugins) Plugin has registered a REST callback without mutual exclusion on: /dicom-web/series
I0903 09:57:46.005501      MAIN OrthancPlugins.cpp:2883] (plugins) Plugin has registered a REST callback without mutual exclusion on: /dicom-web/studies/([^/]*)/instances
I0903 09:57:46.005515      MAIN OrthancPlugins.cpp:2883] (plugins) Plugin has registered a REST callback without mutual exclusion on: /dicom-web/studies/([^/]*)/metadata
I0903 09:57:46.005526      MAIN OrthancPlugins.cpp:2883] (plugins) Plugin has registered a REST callback without mutual exclusion on: /dicom-web/studies/([^/]*)/series
I0903 09:57:46.005537      MAIN OrthancPlugins.cpp:2883] (plugins) Plugin has registered a REST callback without mutual exclusion on: /dicom-web/studies/([^/]*)/series/([^/]*)
I0903 09:57:46.005550      MAIN OrthancPlugins.cpp:2883] (plugins) Plugin has registered a REST callback without mutual exclusion on: /dicom-web/studies/([^/]*)/series/([^/]*)/instances
I0903 09:57:46.005566      MAIN OrthancPlugins.cpp:2883] (plugins) Plugin has registered a REST callback without mutual exclusion on: /dicom-web/studies/([^/]*)/series/([^/]*)/instances/([^/]*)
I0903 09:57:46.005579      MAIN OrthancPlugins.cpp:2883] (plugins) Plugin has registered a REST callback without mutual exclusion on: /dicom-web/studies/([^/]*)/series/([^/]*)/instances/([^/]*)/bulk/(.*)
I0903 09:57:46.005598      MAIN OrthancPlugins.cpp:2883] (plugins) Plugin has registered a REST callback without mutual exclusion on: /dicom-web/studies/([^/]*)/series/([^/]*)/instances/([^/]*)/metadata
I0903 09:57:46.005618      MAIN OrthancPlugins.cpp:2883] (plugins) Plugin has registered a REST callback without mutual exclusion on: /dicom-web/studies/([^/]*)/series/([^/]*)/metadata
I0903 09:57:46.005631      MAIN OrthancPlugins.cpp:2883] (plugins) Plugin has registered a REST callback without mutual exclusion on: /dicom-web/studies/([^/]*)/series/([^/]*)/instances/([^/]*)/frames
I0903 09:57:46.005652      MAIN OrthancPlugins.cpp:2883] (plugins) Plugin has registered a REST callback without mutual exclusion on: /dicom-web/studies/([^/]*)/series/([^/]*)/instances/([^/]*)/frames/([^/]*)
I0903 09:57:46.005701      MAIN OrthancPlugins.cpp:2883] (plugins) Plugin has registered a REST callback without mutual exclusion on: /dicom-web/servers
I0903 09:57:46.005720      MAIN OrthancPlugins.cpp:2883] (plugins) Plugin has registered a REST callback without mutual exclusion on: /dicom-web/servers/([^/]*)
I0903 09:57:46.005730      MAIN OrthancPlugins.cpp:2883] (plugins) Plugin has registered a REST callback without mutual exclusion on: /dicom-web/servers/([^/]*)/retrieve
I0903 09:57:46.005743      MAIN OrthancPlugins.cpp:2883] (plugins) Plugin has registered a REST callback without mutual exclusion on: /dicom-web/servers/([^/]*)/wado
I0903 09:57:46.005754      MAIN OrthancPlugins.cpp:2883] (plugins) Plugin has registered a REST callback without mutual exclusion on: /dicom-web/servers/([^/]*)/stow
I0903 09:57:46.005769      MAIN OrthancPlugins.cpp:2883] (plugins) Plugin has registered a REST callback without mutual exclusion on: /dicom-web/servers/([^/]*)/get
I0903 09:57:46.005783      MAIN OrthancPlugins.cpp:2883] (plugins) Plugin has registered a REST callback without mutual exclusion on: /dicom-web/servers/([^/]*)/qido
I0903 09:57:46.005793      MAIN OrthancPlugins.cpp:2883] (plugins) Plugin has registered a REST callback without mutual exclusion on: /dicom-web/servers/([^/]*)/delete
I0903 09:57:46.005806      MAIN OrthancPlugins.cpp:2883] (plugins) Plugin has registered a REST callback without mutual exclusion on: /dicom-web/app/libs/(.*)
I0903 09:57:46.005818      MAIN OrthancPlugins.cpp:2883] (plugins) Plugin has registered a REST callback without mutual exclusion on: /dicom-web/info
I0903 09:57:46.005829      MAIN OrthancPlugins.cpp:2883] (plugins) Plugin has registered a REST callback without mutual exclusion on: /dicom-web/studies/([^/]*)/rendered
I0903 09:57:46.005841      MAIN OrthancPlugins.cpp:2883] (plugins) Plugin has registered a REST callback without mutual exclusion on: /dicom-web/studies/([^/]*)/series/([^/]*)/rendered
I0903 09:57:46.005857      MAIN OrthancPlugins.cpp:2883] (plugins) Plugin has registered a REST callback without mutual exclusion on: /dicom-web/studies/([^/]*)/series/([^/]*)/instances/([^/]*)/rendered
I0903 09:57:46.005874      MAIN OrthancPlugins.cpp:2883] (plugins) Plugin has registered a REST callback without mutual exclusion on: /dicom-web/studies/([^/]*)/series/([^/]*)/instances/([^/]*)/frames/([^/]*)/rendered
I0903 09:57:46.005895      MAIN OrthancPlugins.cpp:2883] (plugins) Plugin has registered a REST callback without mutual exclusion on: /dicom-web/studies/([^/]*)/thumbnail
I0903 09:57:46.005908      MAIN OrthancPlugins.cpp:2883] (plugins) Plugin has registered a REST callback without mutual exclusion on: /dicom-web/studies/([^/]*)/series/([^/]*)/thumbnail
I0903 09:57:46.005920      MAIN OrthancPlugins.cpp:2883] (plugins) Plugin has registered a REST callback without mutual exclusion on: /dicom-web/studies/([^/]*)/series/([^/]*)/instances/([^/]*)/thumbnail
I0903 09:57:46.005940      MAIN OrthancPlugins.cpp:2883] (plugins) Plugin has registered a REST callback without mutual exclusion on: /dicom-web/studies/([^/]*)/series/([^/]*)/instances/([^/]*)/frames/([^/]*)/thumbnail
I0903 09:57:46.005959      MAIN OrthancPlugins.cpp:2883] (plugins) Plugin has registered a REST callback without mutual exclusion on: /studies/([^/]*)/update-dicomweb-cache
I0903 09:57:46.005972      MAIN OrthancPlugins.cpp:2927] (plugins) Plugin has registered an OnChange callback
I0903 09:57:46.005988      MAIN OrthancPlugins.cpp:2883] (plugins) Plugin has registered a REST callback without mutual exclusion on: /dicom-web/app/client/(.*)
W0903 09:57:46.006079      MAIN dicom-web:/Plugin.cpp:748] DICOMweb public root: /dicom-web/
W0903 09:57:46.006089      MAIN dicom-web:/Plugin.cpp:750] The DICOMWeb plugin will use 1 threads to load DICOM files for WADO-RS queries
W0903 09:57:46.006095      MAIN dicom-web:/Plugin.cpp:761] URI to the WADO-URI API: /wado
I0903 09:57:46.006099      MAIN OrthancPlugins.cpp:2883] (plugins) Plugin has registered a REST callback without mutual exclusion on: /wado
W0903 09:57:46.006115      MAIN main.cpp:1791] Using a custom database from plugins
W0903 09:57:46.006121      MAIN OrthancInitialization.cpp:531] Storage directory: "/mnt/orthanc-storage"
W0903 09:57:46.121437      MAIN postgresql-index:/PostgreSQLIndex.cpp:142] The database schema already exists, checking if it needs to be updated
W0903 09:57:46.138221      MAIN postgresql-index:/PostgreSQLIndex.cpp:157] Current Database revision is 6
W0903 09:57:49.108216      MAIN main.cpp:1757] The DB latency is 10991 µs
W0903 09:57:49.108267      MAIN HttpClient.cpp:1206] HTTPS will use the CA certificates from this file: /etc/ssl/certs/ca-certificates.crt
I0903 09:57:49.108273      MAIN HttpClient.cpp:516] (http) Setting the default timeout for HTTP client connections: 0 seconds
I0903 09:57:49.108280      MAIN HttpClient.cpp:500] (http) Setting the default proxy for HTTP client connections: 
I0903 09:57:49.108290      MAIN DicomAssociationParameters.cpp:397] (dicom) Default timeout for DICOM connections if Orthanc acts as SCU (client): 10 seconds (0 = no timeout)
I0903 09:57:49.108388      MAIN DicomAssociationParameters.cpp:413] (dicom) Setting the default TLS certificate for DICOM SCU connections: /etc/letsencrypt/live/orthanc-rsa/privkey.pem (key), /etc/letsencrypt/live/orthanc-rsa/fullchain.pem (certificate)
I0903 09:57:49.108434      MAIN DicomAssociationParameters.cpp:456] (dicom) Setting the default trusted certificates for DICOM SCU connections: /etc/ssl/certs/ca-certificates.crt
I0903 09:57:49.108641      UNSTABLE-MON ServerIndex.cpp:475] Starting the monitor for stable resources (stable age = 60)
I0903 09:57:49.108745      MAIN LuaJobManager.cpp:69] (lua) Lua: DICOM associations will be closed after 5 seconds of inactivity
I0903 09:57:49.108762      MAIN LuaScripting.cpp:820] Initializing Lua for the event handler
W0903 09:57:49.108870      MAIN LuaContext.cpp:95] Lua says: Lua toolbox installed
I0903 09:57:49.108944      MAIN LuaJobManager.cpp:69] (lua) Lua: DICOM associations will be closed after 5 seconds of inactivity
I0903 09:57:49.108956      MAIN LuaScripting.cpp:820] Initializing Lua for the event handler
W0903 09:57:49.109040      MAIN LuaContext.cpp:95] Lua says: Lua toolbox installed
I0903 09:57:49.109068      MAIN ServerContext.cpp:457] Automated transcoding of incoming DICOM instances is disabled
I0903 09:57:49.109074      MAIN ServerContext.cpp:464] (dicom) Deidentification of log contents (notably for DIMSE queries) is enabled
I0903 09:57:49.109079      MAIN ServerContext.cpp:468] (dicom) Version of DICOM standard used for deidentification is 2023b
I0903 09:57:49.109234      MAIN ServerContext.cpp:487] (dicom) Preferred transfer syntax for Orthanc C-STORE SCU: 1.2.840.10008.1.2.1
I0903 09:57:49.109392      MAIN DcmtkTranscoder.cpp:79] Default quality for lossy transcoding using DCMTK is set to: 90
I0903 09:57:49.109492      MAIN ServerContext.cpp:533] Starting memory trimming thread at 30 seconds interval
W0903 09:57:49.109576      MAIN ServerContext.cpp:607] Disk compression is enabled
I0903 09:57:49.109586      MAIN ServerContext.cpp:1577] Storing MD5 for attachments: yes
W0903 09:57:49.109594      MAIN ServerIndex.cpp:402] No limit on the number of stored patients
W0903 09:57:49.109599      MAIN ServerIndex.cpp:422] No limit on the size of the storage area
I0903 09:57:49.134013      MAIN ServerContext.cpp:306] The last execution of Orthanc has archived no job
I0903 09:57:49.134222  JOBS-WORKER-0 JobsEngine.cpp:127] (jobs) Worker thread 0 has started
W0903 09:57:49.134235      MAIN JobsEngine.cpp:276] The jobs engine has started with 2 threads
I0903 09:57:49.134249  JOBS-WORKER-1 JobsEngine.cpp:127] (jobs) Worker thread 1 has started
I0903 09:57:49.134295      MAIN DicomServer.cpp:138] (dicom) Setting timeout for DICOM connections if Orthanc acts as SCP (server): 30 seconds (0 = no timeout)
I0903 09:57:49.134312      MAIN DicomServer.cpp:527] (dicom) Setting the TLS certificate for DICOM SCP connections: /etc/letsencrypt/live/orthanc-rsa/privkey.pem (key), /etc/letsencrypt/live/orthanc-rsa/fullchain.pem (certificate)
I0903 09:57:49.134367      MAIN DicomServer.cpp:577] (dicom) Setting the trusted certificates for DICOM SCP connections: /etc/ssl/certs/ca-certificates.crt
I0903 09:57:49.134480      MAIN DicomServer.cpp:410] (dicom) Orthanc SCP will use DICOM TLS
I0903 09:57:49.134505      MAIN DicomTls.cpp:145] (dicom) Initializing DICOM TLS for Orthanc SCP
I0903 09:57:49.136830      MAIN DicomServer.cpp:434] (dicom) The embedded DICOM server will use 4 threads
W0903 09:57:49.137018      MAIN main.cpp:1372] DICOM server listening with AET ORTHANC_TLS on port: 4242
I0903 09:57:49.137040      MAIN HttpServer.cpp:1687] (http) This Orthanc server uses CivetWeb as its embedded HTTP server
I0903 09:57:49.137027  DICOM-SERVER DicomServer.cpp:66] (dicom) DICOM server started
I0903 09:57:49.137049      MAIN HttpServer.cpp:2203] (http) The embedded HTTP server will use 50 threads
I0903 09:57:49.137073      MAIN HttpServer.cpp:2039] (http) HTTP keep alive is enabled
I0903 09:57:49.137080      MAIN HttpServer.cpp:2053] (http) HTTP keep alive Timeout is now 1 seconds
W0903 09:57:49.137087      MAIN HttpServer.cpp:2122] HTTP compression is disabled
I0903 09:57:49.137093      MAIN HttpServer.cpp:2216] (http) TCP_NODELAY for the HTTP sockets is set to true
I0903 09:57:49.137098      MAIN HttpServer.cpp:2236] (http) Request timeout in the HTTP server is set to 30 seconds
I0903 09:57:49.137113      MAIN main.cpp:1209] Version of Lua: Lua 5.4
W0903 09:57:49.137118      MAIN main.cpp:1220] Remote LUA script execution is disabled
W0903 09:57:49.137122      MAIN main.cpp:1232] REST API cannot write to the file system because the "RestApiWriteToFileSystemEnabled" configuration is set to false.  The URI /instances/../export is disabled.  This is the most secure configuration.
I0903 09:57:49.137136      MAIN HttpServer.cpp:2283] (http) Branching WebDAV bucket at: /webdav
I0903 09:57:49.137143      MAIN HttpServer.cpp:1735] (http) Starting embedded Web server using Civetweb
I0903 09:57:49.138586      MAIN OrthancWebDav.cpp:1691] Starting the WebDAV upload thread
W0903 09:57:49.138632      MAIN HttpServer.cpp:1880] HTTP server listening on port: 8042 (HTTPS encryption is disabled, remote access is allowed)
W0903 09:57:49.138647      MAIN main.cpp:964] Orthanc has started
I0903 09:57:49.138659      MAIN OrthancPlugins.cpp:3354] (plugins) Plugin making REST GET call on URI /plugins (built-in API)
I0903 09:57:49.138741      MAIN OrthancPlugins.cpp:3354] (plugins) Plugin making REST GET call on URI /plugins/dicom-web (built-in API)
I0903 09:57:49.138804      MAIN OrthancPlugins.cpp:3354] (plugins) Plugin making REST GET call on URI /plugins/gdcm (built-in API)
I0903 09:57:49.138832      MAIN OrthancPlugins.cpp:3354] (plugins) Plugin making REST GET call on URI /plugins/orthanc-explorer-2 (built-in API)
I0903 09:57:49.138866      MAIN OrthancPlugins.cpp:3354] (plugins) Plugin making REST GET call on URI /plugins/postgresql-index (built-in API)
I0903 09:57:49.138902      MAIN OrthancPlugins.cpp:3354] (plugins) Plugin making REST GET call on URI /plugins/postgresql-storage (built-in API)
I0903 09:57:49.139046      MAIN OrthancPlugins.cpp:3354] (plugins) Plugin making REST GET call on URI /system (built-in API)
I0903 09:57:49.139282      MAIN dicom-web:/Plugin.cpp:489] Orthanc supports ExtendedFind.
I0903 09:57:49.139297      MAIN LuaScripting.cpp:918] Starting the Lua engine
I0903 09:57:49.923237  DB HOUSEKEEPING postgresql-index:/PostgreSQLIndex.cpp:951] No missing ChildCount entries
E0903 09:57:55.965270  DICOM-SERVER CommandDispatcher.cpp:285] Receiving Association failed: TLS error: wrong version number
I0903 09:58:00.954576  DICOM-SERVER CommandDispatcher.cpp:334] (dicom) Association Received from AET TESTSCU on IP 39.47.9.234
I0903 09:58:00.954669  DICOM-SERVER main.cpp:324] Incoming connection from AET TESTSCU on IP 39.47.9.234, calling AET ORTHANC_TLS
I0903 09:58:00.954778  DICOM-SERVER CommandDispatcher.cpp:675] (dicom) Association Acknowledged (Max Send PDV: 16372) to AET TESTSCU on IP 39.47.9.234
I0903 09:58:01.474786       DICOM-2 main.cpp:359] Incoming Echo request from AET TESTSCU on IP 39.47.9.234, calling AET ORTHANC_TLS
I0903 09:58:01.474824       DICOM-2 CommandDispatcher.cpp:972] (dicom) Received Echo Request
I0903 09:58:01.713397       DICOM-2 CommandDispatcher.cpp:940] (dicom) Finishing association with AET TESTSCU on IP 39.47.9.234: DUL Peer Requested Release
I0903 09:58:01.713436       DICOM-2 CommandDispatcher.cpp:948] (dicom) Association Release with AET TESTSCU on IP 39.47.9.234
E0903 09:58:09.977992  DICOM-SERVER CommandDispatcher.cpp:285] Receiving Association failed: OpenSSL I/O error (SSL_ERROR_SYSCALL)
E0903 09:58:10.468183  DICOM-SERVER CommandDispatcher.cpp:285] Receiving Association failed: TLS error: unexpected eof while reading
E0903 09:58:10.974542  DICOM-SERVER CommandDispatcher.cpp:285] Receiving Association failed: TLS error: unexpected eof while reading
E0903 09:58:10.974701  DICOM-SERVER CommandDispatcher.cpp:285] Receiving Association failed: TLS error: unsupported protocol
E0903 09:58:11.288292  DICOM-SERVER CommandDispatcher.cpp:285] Receiving Association failed: TLS error: unexpected eof while reading
E0903 09:58:11.603879  DICOM-SERVER CommandDispatcher.cpp:285] Receiving Association failed: TLS error: unexpected eof while reading
E0903 09:58:11.604042  DICOM-SERVER CommandDispatcher.cpp:285] Receiving Association failed: TLS error: unsupported protocol
E0903 09:58:11.861109  DICOM-SERVER CommandDispatcher.cpp:285] Receiving Association failed: TLS error: unexpected eof while reading
E0903 09:58:11.861272  DICOM-SERVER CommandDispatcher.cpp:285] Receiving Association failed: TLS error: unsupported protocol
E0903 09:58:12.176098  DICOM-SERVER CommandDispatcher.cpp:285] Receiving Association failed: TLS error: unexpected eof while reading
E0903 09:58:12.486255  DICOM-SERVER CommandDispatcher.cpp:285] Receiving Association failed: TLS error: unexpected eof while reading
E0903 09:58:12.486447  DICOM-SERVER CommandDispatcher.cpp:285] Receiving Association failed: TLS error: no shared cipher
E0903 09:58:12.486553  DICOM-SERVER CommandDispatcher.cpp:285] Receiving Association failed: TLS error: unsupported protocol
E0903 09:58:12.486650  DICOM-SERVER CommandDispatcher.cpp:285] Receiving Association failed: TLS error: unsupported protocol
E0903 09:58:12.486853  DICOM-SERVER CommandDispatcher.cpp:285] Receiving Association failed: TLS error: no shared cipher
E0903 09:58:12.727360  DICOM-SERVER CommandDispatcher.cpp:285] Receiving Association failed: TLS error: no shared cipher
E0903 09:58:13.241446  DICOM-SERVER CommandDispatcher.cpp:285] Receiving Association failed: TLS error: unexpected eof while reading
E0903 09:58:13.241599  DICOM-SERVER CommandDispatcher.cpp:285] Receiving Association failed: TLS error: unsupported protocol
E0903 09:58:13.241688  DICOM-SERVER CommandDispatcher.cpp:285] Receiving Association failed: TLS error: unsupported protocol
E0903 09:58:13.603181  DICOM-SERVER CommandDispatcher.cpp:285] Receiving Association failed: TLS error: unexpected eof while reading
E0903 09:58:13.603407  DICOM-SERVER CommandDispatcher.cpp:285] Receiving Association failed: TLS error: no shared cipher
E0903 09:58:13.860958  DICOM-SERVER CommandDispatcher.cpp:285] Receiving Association failed: TLS error: unexpected eof while reading
E0903 09:58:13.861141  DICOM-SERVER CommandDispatcher.cpp:285] Receiving Association failed: TLS error: unsupported protocol
E0903 09:58:13.861312  DICOM-SERVER CommandDispatcher.cpp:285] Receiving Association failed: TLS error: unsupported protocol
E0903 09:58:14.166384  DICOM-SERVER CommandDispatcher.cpp:285] Receiving Association failed: TLS error: unexpected eof while reading
E0903 09:58:14.429401  DICOM-SERVER CommandDispatcher.cpp:285] Receiving Association failed: TLS error: unexpected eof while reading
E0903 09:58:14.692290  DICOM-SERVER CommandDispatcher.cpp:285] Receiving Association failed: TLS error: unexpected eof while reading
E0903 09:58:14.692478  DICOM-SERVER CommandDispatcher.cpp:285] Receiving Association failed: TLS error: unsupported protocol
E0903 09:58:14.692579  DICOM-SERVER CommandDispatcher.cpp:285] Receiving Association failed: TLS error: unsupported protocol
E0903 09:58:14.999229  DICOM-SERVER CommandDispatcher.cpp:285] Receiving Association failed: TLS error: unexpected eof while reading
E0903 09:58:15.259635  DICOM-SERVER CommandDispatcher.cpp:285] Receiving Association failed: TLS error: unexpected eof while reading
E0903 09:58:15.259837  DICOM-SERVER CommandDispatcher.cpp:285] Receiving Association failed: TLS error: no shared cipher
E0903 09:58:15.259931  DICOM-SERVER CommandDispatcher.cpp:285] Receiving Association failed: TLS error: unsupported protocol
E0903 09:58:15.568462  DICOM-SERVER CommandDispatcher.cpp:285] Receiving Association failed: TLS error: unexpected eof while reading
E0903 09:58:16.065632  DICOM-SERVER CommandDispatcher.cpp:285] Receiving Association failed: TLS error: unexpected eof while reading
E0903 09:58:16.065837  DICOM-SERVER CommandDispatcher.cpp:285] Receiving Association failed: TLS error: no shared cipher
E0903 09:58:16.307927  DICOM-SERVER CommandDispatcher.cpp:285] Receiving Association failed: TLS error: no shared cipher
E0903 09:58:16.557251  DICOM-SERVER CommandDispatcher.cpp:285] Receiving Association failed: TLS error: no shared cipher
E0903 09:58:16.799311  DICOM-SERVER CommandDispatcher.cpp:285] Receiving Association failed: TLS error: no shared cipher
E0903 09:58:17.297024  DICOM-SERVER CommandDispatcher.cpp:285] Receiving Association failed: TLS error: unexpected eof while reading
E0903 09:58:17.546464  DICOM-SERVER CommandDispatcher.cpp:285] Receiving Association failed: TLS error: unexpected eof while reading
E0903 09:58:17.863750  DICOM-SERVER CommandDispatcher.cpp:285] Receiving Association failed: TLS error: unexpected eof while reading
E0903 09:58:18.108615  DICOM-SERVER CommandDispatcher.cpp:285] Receiving Association failed: TLS error: unexpected eof while reading
E0903 09:58:18.366490  DICOM-SERVER CommandDispatcher.cpp:285] Receiving Association failed: TLS error: unexpected eof while reading
E0903 09:58:18.367795  DICOM-SERVER CommandDispatcher.cpp:285] Receiving Association failed: TLS error: no shared cipher
E0903 09:58:18.933585  DICOM-SERVER CommandDispatcher.cpp:285] Receiving Association failed: TLS error: unexpected eof while reading
E0903 09:58:19.179482  DICOM-SERVER CommandDispatcher.cpp:285] Receiving Association failed: TLS error: unexpected eof while reading
E0903 09:58:19.439286  DICOM-SERVER CommandDispatcher.cpp:285] Receiving Association failed: TLS error: unexpected eof while reading
E0903 09:58:19.753305  DICOM-SERVER CommandDispatcher.cpp:285] Receiving Association failed: TLS error: unexpected eof while reading
E0903 09:58:20.007847  DICOM-SERVER CommandDispatcher.cpp:285] Receiving Association failed: TLS error: unexpected eof while reading
E0903 09:58:20.266473  DICOM-SERVER CommandDispatcher.cpp:285] Receiving Association failed: TLS error: unexpected eof while reading
E0903 09:58:20.266677  DICOM-SERVER CommandDispatcher.cpp:285] Receiving Association failed: TLS error: no shared cipher
E0903 09:58:20.751598  DICOM-SERVER CommandDispatcher.cpp:285] Receiving Association failed: TLS error: unexpected eof while reading
E0903 09:58:20.752027  DICOM-SERVER CommandDispatcher.cpp:285] Receiving Association failed: TLS error: no shared cipher
E0903 09:58:21.239696  DICOM-SERVER CommandDispatcher.cpp:285] Receiving Association failed: TLS error: unexpected eof while reading
E0903 09:58:21.495383  DICOM-SERVER CommandDispatcher.cpp:285] Receiving Association failed: TLS error: unexpected eof while reading
E0903 09:58:21.812299  DICOM-SERVER CommandDispatcher.cpp:285] Receiving Association failed: TLS error: unexpected eof while reading
E0903 09:58:22.060960  DICOM-SERVER CommandDispatcher.cpp:285] Receiving Association failed: TLS error: unexpected eof while reading
E0903 09:58:22.321661  DICOM-SERVER CommandDispatcher.cpp:285] Receiving Association failed: TLS error: unexpected eof while reading
E0903 09:58:22.574446  DICOM-SERVER CommandDispatcher.cpp:285] Receiving Association failed: TLS error: unexpected eof while reading
E0903 09:58:22.894840  DICOM-SERVER CommandDispatcher.cpp:285] Receiving Association failed: TLS error: unexpected eof while reading
E0903 09:58:23.140992  DICOM-SERVER CommandDispatcher.cpp:285] Receiving Association failed: TLS error: unexpected eof while reading
E0903 09:58:23.400756  DICOM-SERVER CommandDispatcher.cpp:285] Receiving Association fail
```

adnan_khan1 · September 5, 2025, 9:45am

PACS Logs

Here are the logs from the PACS system:

INFO 2025-09-04 07:21:20,635 [Send worker 1] (Connection.java:1018) - Initiate connection from 0.0.0.0/0.0.0.0:0 to orthanc.bactelemed.com:4242
INFO 2025-09-04 07:21:20,790 [Send worker 1] (Connection.java:1053) - Established connection Socket[addr=orthanc.bactelemed.com/48.217.66.64,port=4242,localport=49700]
INFO 2025-09-04 07:21:20,809 [Send worker 1] (Association.java:498) - DICOMPACS->ORTHANC_TLS(851) << A-ASSOCIATE-RQ
INFO 2025-09-04 07:21:20,853 [pool-1730-thread-1] (Association.java:377) - DICOMPACS->ORTHANC_TLS(851): i/o exception: java.net.SocketException: Connection reset in State: Sta5 - Awaiting A-ASSOCIATE-AC or A-ASSOCIATE-RJ PDU
INFO 2025-09-04 07:21:20,853 [pool-1730-thread-1] (Association.java:347) - DICOMPACS->ORTHANC_TLS(851): close Socket[addr=orthanc.bactelemed.com/48.217.66.64,port=4242,localport=49700]
WARN 2025-09-04 07:21:20,854 [pool-1730-thread-1] (StoreSCU.java:616) - Dimse has been closed with message: Connection reset
java.net.SocketException: Connection reset
at java.base/java.net.SocketInputStream.read(SocketInputStream.java:186)
at java.base/java.net.SocketInputStream.read(SocketInputStream.java:140)
at org.dcm4che3.util.StreamUtils.readAvailable(StreamUtils.java:62)
at org.dcm4che3.util.StreamUtils.readFully(StreamUtils.java:73)
at org.dcm4che3.net.PDUDecoder.readFully(PDUDecoder.java:225)
at org.dcm4che3.net.PDUDecoder.nextPDU(PDUDecoder.java:159)
at org.dcm4che3.net.Association$2.run(Association.java:562)
at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
at java.base/java.lang.Thread.run(Thread.lang.java:834)
... (Further repeated "Connection reset" errors) ...

adnan_khan1 · September 5, 2025, 9:47am

PACS Logs

Here are the logs from the PACS system:

INFO 2025-09-04 07:21:20,635 [Send worker 1] (Connection.java:1018) - Initiate connection from 0.0.0.0/0.0.0.0:0 to orthanc.bactelemed.com:4242

INFO 2025-09-04 07:21:20,790 [Send worker 1] (Connection.java:1053) - Established connection Socket[addr=orthanc.bactelemed.com/48.217.66.64,port=4242,localport=49700]

INFO 2025-09-04 07:21:20,809 [Send worker 1] (Association.java:498) - DICOMPACS->ORTHANC_TLS(851) << A-ASSOCIATE-RQ

INFO 2025-09-04 07:21:20,853 [pool-1730-thread-1] (Association.java:377) - DICOMPACS->ORTHANC_TLS(851): i/o exception: java.net.SocketException: Connection reset in State: Sta5 - Awaiting A-ASSOCIATE-AC or A-ASSOCIATE-RJ PDU

INFO 2025-09-04 07:21:20,853 [pool-1730-thread-1] (Association.java:347) - DICOMPACS->ORTHANC_TLS(851): close Socket[addr=orthanc.bactelemed.com/48.217.66.64,port=4242,localport=49700]

WARN 2025-09-04 07:21:20,854 [pool-1730-thread-1] (StoreSCU.java:616) - Dimse has been closed with message: Connection reset

java.net.SocketException: Connection reset

at java.base/java.net.SocketInputStream.read(SocketInputStream.java:186)

at java.base/java.net.SocketInputStream.read(SocketInputStream.java:140)

at org.dcm4che3.util.StreamUtils.readAvailable(StreamUtils.java:62)

at org.dcm4che3.util.StreamUtils.readFully(StreamUtils.java:73)

at org.dcm4che3.net.PDUDecoder.readFully(PDUDecoder.java:225)

at org.dcm4che3.net.PDUDecoder.nextPDU(PDUDecoder.java:159)

at org.dcm4che3.net.Association$2.run(Association.java:562)

at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)

at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)

at java.base/java.lang.Thread.run(Thread.lang.java:834)

… (Further repeated “Connection reset” errors) …

jodogne · September 5, 2025, 10:14am

Hello,

Why are you starting another thread to discuss the same issue already covered in the other thread?

Closing this thread.

Regards,
Sébastien-