How can I add DICOM TLS authentication when running Orthanc Server in a docker container

I am running Orthanc Server using a docker-compose file as follows

version: '3.1'
services:
  orthanc:
    image: jodogne/orthanc:1.9.7
    command: /run/secrets/
    container_name: orthanc1
    ports:
      - "4242:4242"
    secrets:
      - orthanc.json
    environment:
      - ORTHANC_NAME=MYNAME
secrets:
  orthanc.json:
    file: orthanc.json

and the orthanc.json file is as follows

{
  "Name" : "${MYNAME} in Docker Compose",
  "RemoteAccessAllowed" : true,
  "DicomAet" : "MYNAME",
  "DicomAlwaysAllowFind" : true,
  "DicomAlwaysAllowGet" : true,
  "DicomCheckModalityHost" : false
}

This setup is working fine; however, I would like to add TLS authentication as mentioned in this link: https://book.orthanc-server.com/faq/dicom-tls.html

Now, when I change my JSON configuration as mentioned in the above link and run docker-compose up, I get an error stating Inexistent file Orthanc.key. I looked up the issue and found an article https://groups.google.com/g/orthanc-users/c/ZUUECc9AzaU but the solution there, as per my understanding, is for an SSL connection and works when Orthanc Server is installed on the system and the path for the key is relative to the executable. (Correct me if I am understanding it wrong; it's my first time working with Docker and Orthanc.)

Looking for advice on how to modify the docker-compose.yml and orthanc.json files so that, when I am running Orthanc Server in a Docker container, I can use the echoscu command from my Linux machine with TLS authentication, i.e. using a certificate and key pair (e.g. something similar to echoscu -v -aet MYNAME localhost 4242 +tls dcmtk.key dcmtk.crt +cf orthanc.crt).
Let me know if some additional information is needed.

Hi,

Here’s a DICOM TLS sample Docker setup using Osimis images: https://bitbucket.org/osimis/orthanc-setup-samples/src/master/docker/dicom-tls/

HTH,

Alain
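For the plain jodogne/orthanc image used in the question, the key and certificates have to exist inside the container and be referenced by their in-container paths. The following is an added example, not code from the thread or from the linked sample: it writes an orthanc.json and docker-compose.yml pair that enables DICOM TLS. The ./tls host directory, the /etc/orthanc/tls mount point and both function names are assumptions; the PEM file names are the ones from the echoscu command in the question.

```shell
#!/bin/sh
# Added example. Assumed layout: ./tls on the host holds orthanc.key,
# orthanc.crt and dcmtk.crt and is mounted read-only at /etc/orthanc/tls.
write_orthanc_tls_setup() {
    dir=${1:-.}
    mkdir -p "$dir/tls" || return 1

    # The TLS paths are absolute paths inside the container (the mount below),
    # not paths on the host where docker-compose is started.
    cat > "$dir/orthanc.json" <<'EOF'
{
  "Name" : "Orthanc with DICOM TLS",
  "DicomAet" : "MYNAME",
  "DicomTlsEnabled" : true,
  "DicomTlsCertificate" : "/etc/orthanc/tls/orthanc.crt",
  "DicomTlsPrivateKey" : "/etc/orthanc/tls/orthanc.key",
  "DicomTlsTrustedCertificates" : "/etc/orthanc/tls/dcmtk.crt",
  "DicomTlsRemoteCertificateRequired" : true
}
EOF

    cat > "$dir/docker-compose.yml" <<'EOF'
version: '3.1'
services:
  orthanc:
    image: jodogne/orthanc:1.9.7
    command: /run/secrets/
    container_name: orthanc1
    ports:
      - "4242:4242"
    secrets:
      - orthanc.json
    volumes:
      - ./tls:/etc/orthanc/tls:ro
secrets:
  orthanc.json:
    file: orthanc.json
EOF
}

# List the PEM files that are still missing from the host-side tls directory.
missing_tls_files() {
    for f in orthanc.key orthanc.crt dcmtk.crt; do
        [ -f "${1:-.}/tls/$f" ] || printf '%s\n' "$f"
    done
}
```

Run write_orthanc_tls_setup in the project directory, copy the three PEM files into tls/ until missing_tls_files prints nothing, then start the container with docker-compose up.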

Hi Alain,

Thanks for the reply. I tried your setup by running the command docker-compose up --build.
However, I am getting the following error when attempting to connect to the DICOM server in the Docker container using the following command from the tls folder in a terminal:

echoscu -v -aet ORTHANCA localhost 4242 +tls orthanc-a-server-key.pem orthanc-a-server-crt.pem +cf trusted-crt.pem
I: Requesting Association
E: TLS client handshake failed
F: Association Request Failed: 0006:031b Failed to establish association
F: 0006:0317 Peer aborted Association (or never connected)
F: 0006:031e DUL secure transport layer: sslv3 alert handshake failure

and the message I get in the terminal where I ran the command docker-compose up --build is

orthanc-a-server_1 | E0119 14:59:30.016774 CommandDispatcher.cpp:283] Receiving Association failed: DUL secure transport layer: no suitable signature algorithm

What am I doing wrong here? Can you guide me?

You probably have echoscu version 3.6.4 (there were some issues with DICOM TLS and this version). Try to upgrade to 3.6.5 or 3.6.6.

HTH,

Alain

Hi Alain,

Thank you for the reply. Yes, I had dcmtk version 3.6.4 on a Debian 10 system. I uninstalled that version and downloaded the source code for dcmtk 3.6.6 from GitHub (https://github.com/DCMTK/dcmtk). I followed the build instructions and built dcmtk 3.6.6 on my Debian 10 system. I added the “dcmtk-3.6.6-install/usr/local/bin/” folder to PATH using the export PATH command.

After that I re-attempted to connect to the Docker container using the command echoscu -v -aet ORTHANCA localhost 4242 +tls orthanc-a-server-key.pem orthanc-a-server-crt.pem +cf trusted-crt.pem.
I received the following error log:

E: DcmDataDictionary: Cannot open file: /usr/local/share/dcmtk/dicom.dic
W: no data dictionary loaded, check environment variable: DCMDICTPATH
I: Requesting Association
I: Association Accepted (Max Send PDV: 16372)
I: Sending Echo Request (MsgID 1)
E: Echo Failed: 0006:0213 Data dictionary missing
E: Echo SCU Failed: 0006:0213 Data dictionary missing
I: Aborting Association

I added “dcmtk-3.6.6-install/usr/local/share/dcmtk/” to PATH and checked using echo PATH that it has been added correctly and that the dicom.dic file is present in that path. It is present; however, I am getting the same error as above.

In the docker terminal logs I get the following messages for the same

orthanc-a-server_1 | I0123 16:14:23.498902 CommandDispatcher.cpp:332] (dicom) Association Received from AET ORTHANCA on IP 192.168.7.1
orthanc-a-server_1 | I0123 16:14:23.499024 main.cpp:318] Incoming connection from AET ORTHANCA on IP 192.168.7.1, calling AET ANY-SCP
orthanc-a-server_1 | I0123 16:14:23.499142 CommandDispatcher.cpp:663] (dicom) Association Acknowledged (Max Send PDV: 16372) to AET ORTHANCA on IP 192.168.7.1
orthanc-a-server_1 | I0123 16:14:23.499831 CommandDispatcher.cpp:917] (dicom) Finishing association with AET ORTHANCA on IP 192.168.7.1: Peer aborted Association (or never connected)
orthanc-a-server_1 | I0123 16:14:23.499917 CommandDispatcher.cpp:930] (dicom) Association Aborted with AET ORTHANCA on IP 192.168.7.1

What am I missing here or doing wrong?

Hi Dinesh,

Since your issue is related to echoscu not loading the dictionary, I would suggest that you contact the DCMTK support and eventually share your reply here.

Best regards,

Alain.
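The echoscu warning quoted in the thread names the DCMDICTPATH environment variable, which holds the path of the dictionary file itself, whereas PATH is only used to find executables. The following is an added example, not part of the original thread: it locates dicom.dic under a DCMTK install prefix and runs echoscu with DCMDICTPATH set. The function names and the prefix argument are assumptions.

```shell
#!/bin/sh
# Added example. The prefix argument is the DCMTK install root, for instance
# the dcmtk-3.6.6-install/usr/local directory mentioned in the post.

# Print the path of dicom.dic under an install prefix, or fail if unreadable.
find_dcmtk_dict() {
    dict="$1/share/dcmtk/dicom.dic"
    if [ -r "$dict" ]; then
        printf '%s\n' "$dict"
    else
        echo "dicom.dic not readable under $1/share/dcmtk" >&2
        return 1
    fi
}

# Run echoscu from the same prefix with the dictionary passed explicitly.
# DCMDICTPATH must name the dictionary file, not the directory containing it.
tls_echo() {
    prefix=$1; shift
    dict=$(find_dcmtk_dict "$prefix") || return 1
    DCMDICTPATH="$dict" "$prefix/bin/echoscu" -v "$@"
}

# Usage, with the arguments from the thread:
#   tls_echo /path/to/dcmtk-3.6.6-install/usr/local -aet ORTHANCA localhost 4242 \
#       +tls orthanc-a-server-key.pem orthanc-a-server-crt.pem +cf trusted-crt.pem
```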