Mercurial > hg > orthanc
comparison OrthancServer/Resources/Configuration.json @ 5643:b1a18218860c
2 new configurations: DicomTlsMinimumProtocolVersion + DicomTlsCiphersAccepted
author | Alain Mazy <am@orthanc.team> |
---|---|
date | Fri, 31 May 2024 16:56:35 +0200 |
parents | 95e282478cda |
children | 4b7bc21db336 |
comparison
equal
deleted
inserted
replaced
5642:95e282478cda | 5643:b1a18218860c |
---|---|
307 **/ | 307 **/ |
308 | 308 |
309 // Whether Orthanc rejects DICOM TLS connections to/from remote | 309 // Whether Orthanc rejects DICOM TLS connections to/from remote |
310 // modalities that do not provide a certificate. Setting this option | 310 // modalities that do not provide a certificate. Setting this option |
311 // to "true" (resp. "false") corresponds to "--require-peer-cert" | 311 // to "true" (resp. "false") corresponds to "--require-peer-cert" |
312 // (resp. "--verify-peer-cert") in the DCMTK command-line | 312 // (resp. "--ignore-peer-cert") in the DCMTK command-line |
313 // tools. (new in Orthanc 1.9.3) | 313 // tools. (new in Orthanc 1.9.3) |
314 "DicomTlsRemoteCertificateRequired" : true, | 314 "DicomTlsRemoteCertificateRequired" : true, |
315 | 315 |
316 // Sets the minimum accepted TLS protocol version for the DICOM server | |
317 // By default, require TLS 1.2 or 1.3. This option is only meaningful | |
318 // if "DicomTlsEnabled" is true (new in Orthanc 1.12.4). | |
319 // Note that, internally, Orthanc is configured to use the BCP195 profile | |
320 // by default. As soon as you switch to another protocol version, you | |
321 // must also provide the list of supported cipher suites. | |
322 // This configuration applies to Orthanc acting both as SCU and SCP. | |
323 // Value => Protocols | |
324 // 0 use default BCP 195 profile and default cipher suites | |
325 // 1 SSL3+TLS1.0+TLS1.1+TLS1.2+TLS1.3 | |
326 // 2 TLS1.0+TLS1.1+TLS1.2+TLS1.3 | |
327 // 3 TLS1.1+TLS1.2+TLS1.3 | |
328 // 4 TLS1.2+TLS1.3 | |
329 // 5 TLS1.3 | |
330 "DicomTlsMinimumProtocolVersion" : 0, | |
331 | |
332 // Set the accepted ciphers for TLS connections for the DICOM server. | |
333 // The ciphers must be provided as a list of strings. If not set, | |
334 // this will default to BCP195 ciphers if DicomTlsMinimumProtocolVersion is 0 | |
335 // or to an empty list for other values. This option is only | |
336 // meaningful if "DicomTlsEnabled" is true. (new in Orthanc 1.12.4). | |
337 // This configuration must be provided if DicomTlsMinimumProtocolVersion != 0. | |
338 // The list of valid cipher names are available in | |
339 // https://www.openssl.org/docs/man3.3/man1/openssl-ciphers.html | |
340 // The OpenSSL names are used. | |
341 /** | |
342 "DicomTlsCiphersAccepted" : [] | |
343 **/ | |
344 | |
316 // Whether the Orthanc SCP allows incoming C-ECHO requests, even | 345 // Whether the Orthanc SCP allows incoming C-ECHO requests, even |
317 // from SCU modalities it does not know about (i.e. that are not | 346 // from SCU modalities it does not know about (i.e. that are not |
318 // listed in the "DicomModalities" option above). Orthanc 1.3.0 | 347 // listed in the "DicomModalities" option above). Orthanc 1.3.0 |
319 // is the only version to behave as if this argument were set to "false". | 348 // is the only version to behave as if this argument were set to "false". |
320 "DicomAlwaysAllowEcho" : true, | 349 "DicomAlwaysAllowEcho" : true, |