Mercurial > hg > orthanc
comparison OrthancServer/Resources/Configuration.json @ 5643:b1a18218860c
2 new configurations: DicomTlsMinimumProtocolVersion + DicomTlsCiphersAccepted
| author | Alain Mazy <am@orthanc.team> |
|---|---|
| date | Fri, 31 May 2024 16:56:35 +0200 |
| parents | 95e282478cda |
| children | 4b7bc21db336 |
comparison
equal
deleted
inserted
replaced
| 5642:95e282478cda | 5643:b1a18218860c |
|---|---|
| 307 **/ | 307 **/ |
| 308 | 308 |
| 309 // Whether Orthanc rejects DICOM TLS connections to/from remote | 309 // Whether Orthanc rejects DICOM TLS connections to/from remote |
| 310 // modalities that do not provide a certificate. Setting this option | 310 // modalities that do not provide a certificate. Setting this option |
| 311 // to "true" (resp. "false") corresponds to "--require-peer-cert" | 311 // to "true" (resp. "false") corresponds to "--require-peer-cert" |
| 312 // (resp. "--verify-peer-cert") in the DCMTK command-line | 312 // (resp. "--ignore-peer-cert") in the DCMTK command-line |
| 313 // tools. (new in Orthanc 1.9.3) | 313 // tools. (new in Orthanc 1.9.3) |
| 314 "DicomTlsRemoteCertificateRequired" : true, | 314 "DicomTlsRemoteCertificateRequired" : true, |
| 315 | 315 |
| 316 // Sets the minimum accepted TLS protocol version for the DICOM server | |
| 317 // By default, require TLS 1.2 or 1.3. This option is only meaningful | |
| 318 // if "DicomTlsEnabled" is true (new in Orthanc 1.12.4). | |
| 319 // Note that, internally, Orthanc is configured to use the BCP195 profile | |
| 320 // by default. As soon as you switch to another protocol version, you | |
| 321 // must also provide the list of supported cipher suites. | |
| 322 // This configuration applies to Orthanc acting both as SCU and SCP. | |
| 323 // Value => Protocols | |
| 324 // 0 use default BCP 195 profile and default cipher suites | |
| 325 // 1 SSL3+TLS1.0+TLS1.1+TLS1.2+TLS1.3 | |
| 326 // 2 TLS1.0+TLS1.1+TLS1.2+TLS1.3 | |
| 327 // 3 TLS1.1+TLS1.2+TLS1.3 | |
| 328 // 4 TLS1.2+TLS1.3 | |
| 329 // 5 TLS1.3 | |
| 330 "DicomTlsMinimumProtocolVersion" : 0, | |
| 331 | |
| 332 // Set the accepted ciphers for TLS connections for the DICOM server. | |
| 333 // The ciphers must be provided as a list of strings. If not set, | |
| 334 // this will default to BCP195 ciphers if DicomTlsMinimumProtocolVersion is 0 | |
| 335 // or to an empty list for other values. This option is only | |
| 336 // meaningful if "DicomTlsEnabled" is true. (new in Orthanc 1.12.4). | |
| 337 // This configuration must be provided if DicomTlsMinimumProtocolVersion != 0. | |
| 338 // The list of valid cipher names are available in | |
| 339 // https://www.openssl.org/docs/man3.3/man1/openssl-ciphers.html | |
| 340 // The OpenSSL names are used. | |
| 341 /** | |
| 342 "DicomTlsCiphersAccepted" : [] | |
| 343 **/ | |
| 344 | |
| 316 // Whether the Orthanc SCP allows incoming C-ECHO requests, even | 345 // Whether the Orthanc SCP allows incoming C-ECHO requests, even |
| 317 // from SCU modalities it does not know about (i.e. that are not | 346 // from SCU modalities it does not know about (i.e. that are not |
| 318 // listed in the "DicomModalities" option above). Orthanc 1.3.0 | 347 // listed in the "DicomModalities" option above). Orthanc 1.3.0 |
| 319 // is the only version to behave as if this argument were set to "false". | 348 // is the only version to behave as if this argument were set to "false". |
| 320 "DicomAlwaysAllowEcho" : true, | 349 "DicomAlwaysAllowEcho" : true, |