Mercurial > hg > orthanc
diff OrthancServer/Resources/Configuration.json @ 4438:4a4e33c9082d
configuration options for DICOM TLS in Orthanc SCU
author | Sebastien Jodogne <s.jodogne@gmail.com> |
---|---|
date | Thu, 07 Jan 2021 16:53:35 +0100 |
parents | 83371ccdfe80 |
children | f4dbdb2dcba6 |
line wrap: on
line diff
--- a/OrthancServer/Resources/Configuration.json Wed Jan 06 17:27:28 2021 +0100 +++ b/OrthancServer/Resources/Configuration.json Thu Jan 07 16:53:35 2021 +0100 @@ -220,6 +220,56 @@ /** + * Security-related options for the DICOM connections (SCU/SCP) + **/ + + // Whether DICOM TLS is enabled in the Orthanc SCP (new in Orthanc 1.9.0) + "DicomTlsEnabled" : false, + + // Path to the TLS certificate file (in PEM format) to be used for + // both Orthanc SCP (incoming DICOM connections) and Orthanc SCU + // (outgoing DICOM connections). Note that contrarily to the + // "SslCertificate" option, the certificate and its private key must + // be split into two separate files. (new in Orthanc 1.9.0) + /** + "DicomTlsCertificate" : "orthanc.crt", + **/ + + // Path to the file containing the private key (in PEM format) that + // corresponds to the TLS certificate specified in option + // "DicomTlsCertificate". (new in Orthanc 1.9.0) + /** + "DicomTlsPrivateKey" : "orthanc.key", + **/ + + // Path to a file containing all the TLS certificates that Orthanc + // can trust, both for its SCP (incoming DICOM connections) and SCU + // (outgoing DICOM connections). This file must contain a sequence + // of PEM certificates. (new in Orthanc 1.9.0) + /** + "DicomTlsTrustedCertificates" : "trusted.crt", + **/ + + // Whether the Orthanc SCP allows incoming C-Echo requests, even + // from SCU modalities it does not know about (i.e. that are not + // listed in the "DicomModalities" option above). Orthanc 1.3.0 + // is the only version to behave as if this argument was set to "false". + "DicomAlwaysAllowEcho" : true, + + // Whether the Orthanc SCP allows incoming C-Store requests, even + // from SCU modalities it does not know about (i.e. that are not + // listed in the "DicomModalities" option above) + "DicomAlwaysAllowStore" : true, + + // Whether Orthanc checks the IP/hostname address of the remote + // modality initiating a DICOM connection (as listed in the + // "DicomModalities" option above). If this option is set to + // "false", Orthanc only checks the AET of the remote modality. + "DicomCheckModalityHost" : false, + + + + /** * Network topology **/ @@ -276,6 +326,10 @@ * By default, all "Allow*" options are true. * "AllowStorageCommitment" is actually an alias for * "AllowNAction" & "AllowEventReport". + * + * The "UseDicomTls" option specifies whether DICOM TLS should be + * used when opening a SCU connection from Orthanc to this remote + * modality. By default, DICOM TLS is not enabled. **/ //"untrusted" : { // "AET" : "ORTHANC", @@ -288,7 +342,8 @@ // "AllowMove" : false, // "AllowStore" : true, // "AllowStorageCommitment" : false, // new in 1.6.0 - // "AllowTranscoding" : true // new in 1.7.0 + // "AllowTranscoding" : true, // new in 1.7.0 + // "UseDicomTls" : false // new in 1.9.0 //} }, @@ -296,23 +351,6 @@ // instead of in this configuration file (new in Orthanc 1.5.0) "DicomModalitiesInDatabase" : false, - // Whether the Orthanc SCP allows incoming C-Echo requests, even - // from SCU modalities it does not know about (i.e. that are not - // listed in the "DicomModalities" option above). Orthanc 1.3.0 - // is the only version to behave as if this argument was set to "false". - "DicomAlwaysAllowEcho" : true, - - // Whether the Orthanc SCP allows incoming C-Store requests, even - // from SCU modalities it does not know about (i.e. that are not - // listed in the "DicomModalities" option above) - "DicomAlwaysAllowStore" : true, - - // Whether Orthanc checks the IP/hostname address of the remote - // modality initiating a DICOM connection (as listed in the - // "DicomModalities" option above). If this option is set to - // "false", Orthanc only checks the AET of the remote modality. - "DicomCheckModalityHost" : false, - // Whether the C-ECHO SCU is automatically followed by a C-FIND SCU, // while testing the connectivity from Orthanc to a remote DICOM // modality. This allows one to check that the remote modality does