# HG changeset patch # User Alain Mazy # Date 1716287672 -7200 # Node ID a714c5fdc4cfa9bf115d51e5f80387f03ee73fdf # Parent 7ae36fd42cbe96637d7925b7c3d7ef3608fd99f3 DicomTlsRemoteCertificateRequired=false is now equivalent to --ignore-peer-cert DCMTK option instead of --verify-peer-cert diff -r 7ae36fd42cbe -r a714c5fdc4cf Sphinx/source/faq/dicom-tls.rst --- a/Sphinx/source/faq/dicom-tls.rst Thu May 16 16:14:38 2024 +0200 +++ b/Sphinx/source/faq/dicom-tls.rst Tue May 21 12:34:32 2024 +0200 @@ -185,10 +185,11 @@ Starting from Orthanc 1.9.3, it is possible to allow connections to/from remote DICOM modalities that do not provide a DICOM TLS -certificate (which corresponds to the ``--verify-peer-cert`` option of +certificate (which corresponds to the ``--ignore-peer-cert`` option of DCMTK). This requires setting the :ref:`configuration option ` ``DicomTlsRemoteCertificateRequired`` of Orthanc to -``false``. +``false``. Note: between Orthanc 1.9.3 and Orthanc 1.12.3 included, +this option was actually equivalent to ``--verify-peer-cert``. .. highlight:: bash @@ -207,14 +208,12 @@ "DicomTlsEnabled" : true, "DicomTlsCertificate" : "orthanc.crt", "DicomTlsPrivateKey" : "orthanc.key", - "DicomTlsTrustedCertificates" : "orthanc.crt", "DicomTlsRemoteCertificateRequired" : false } .. highlight:: text -Note that the ``DicomTlsTrustedCertificates`` is set to a dummy value, -because this option must always be present. It is then possible to +It is then possible to connect to Orthanc without SCU certificate as follows:: $ echoscu -v localhost 4242 --anonymous-tls +cf /tmp/k/orthanc.crt @@ -223,8 +222,3 @@ I: Sending Echo Request (MsgID 1) I: Received Echo Response (Success) I: Releasing Association - - -**Remark:** Importantly, if the remote DICOM modality provides an -invalid DICOM TLS certificate, Orthanc will never accept the -connection.