diff OrthancServer/Resources/Configuration.json @ 4438:4a4e33c9082d

configuration options for DICOM TLS in Orthanc SCU
author Sebastien Jodogne <s.jodogne@gmail.com>
date Thu, 07 Jan 2021 16:53:35 +0100
parents 83371ccdfe80
children f4dbdb2dcba6
--- a/OrthancServer/Resources/Configuration.json	Wed Jan 06 17:27:28 2021 +0100
+++ b/OrthancServer/Resources/Configuration.json	Thu Jan 07 16:53:35 2021 +0100
@@ -220,6 +220,56 @@
 
 
   /**
+   * Security-related options for the DICOM connections (SCU/SCP)
+   **/
+
+  // Whether DICOM TLS is enabled in the Orthanc SCP (new in Orthanc 1.9.0)
+  "DicomTlsEnabled" : false,
+
+  // Path to the TLS certificate file (in PEM format) to be used for
+  // both Orthanc SCP (incoming DICOM connections) and Orthanc SCU
+  // (outgoing DICOM connections). Note that contrarily to the
+  // "SslCertificate" option, the certificate and its private key must
+  // be split into two separate files. (new in Orthanc 1.9.0)
+  /**
+     "DicomTlsCertificate" : "orthanc.crt",
+  **/
+
+  // Path to the file containing the private key (in PEM format) that
+  // corresponds to the TLS certificate specified in option
+  // "DicomTlsCertificate". (new in Orthanc 1.9.0)
+  /**
+     "DicomTlsPrivateKey" : "orthanc.key",
+  **/
+
+  // Path to a file containing all the TLS certificates that Orthanc
+  // can trust, both for its SCP (incoming DICOM connections) and SCU
+  // (outgoing DICOM connections). This file must contain a sequence
+  // of PEM certificates. (new in Orthanc 1.9.0)
+  /**
+     "DicomTlsTrustedCertificates" : "trusted.crt",
+  **/
+  
+  // Whether the Orthanc SCP allows incoming C-Echo requests, even
+  // from SCU modalities it does not know about (i.e. that are not
+  // listed in the "DicomModalities" option above). Orthanc 1.3.0
+  // is the only version to behave as if this argument was set to "false".
+  "DicomAlwaysAllowEcho" : true,
+
+  // Whether the Orthanc SCP allows incoming C-Store requests, even
+  // from SCU modalities it does not know about (i.e. that are not
+  // listed in the "DicomModalities" option above)
+  "DicomAlwaysAllowStore" : true,
+
+  // Whether Orthanc checks the IP/hostname address of the remote
+  // modality initiating a DICOM connection (as listed in the
+  // "DicomModalities" option above). If this option is set to
+  // "false", Orthanc only checks the AET of the remote modality.
+  "DicomCheckModalityHost" : false,
+
+
+
+  /**
    * Network topology
    **/
 
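Review bot: The comment on "DicomTlsEnabled", and those on the three certificate options below it, do not say what an operator gets once it is set to true: whether the SCP then refuses non-TLS associations, and whether a peer must present a certificate found in "DicomTlsTrustedCertificates". That matters because the block now sits next to `"DicomAlwaysAllowStore" : true` and `"DicomCheckModalityHost" : false`, so if peer certificates are not mandatory, a modality missing from "DicomModalities" is still accepted for C-Store, only over an encrypted link. I would state the behaviour explicitly, e.g. `// If "true", the SCP only accepts TLS associations whose peer certificate is listed in "DicomTlsTrustedCertificates"`, with the wording confirmed against the implementation, which this diff does not show. The "DicomTlsPrivateKey" comment could also add `// This file must be readable only by the user running Orthanc.`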
@@ -276,6 +326,10 @@
      * By default, all "Allow*" options are true.
      * "AllowStorageCommitment" is actually an alias for 
      * "AllowNAction" & "AllowEventReport".
+     * 
+     * The "UseDicomTls" option specifies whether DICOM TLS should be
+     * used when opening a SCU connection from Orthanc to this remote
+     * modality. By default, DICOM TLS is not enabled.
      **/
     //"untrusted" : {
     //  "AET" : "ORTHANC",
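Review bot: The added "UseDicomTls" paragraph does not mention that outgoing TLS depends on the global options introduced in the first hunk, whose comments say the certificate, private key and trusted list are shared by the SCP and the SCU. A reader editing only a modality entry will not learn that from here, so I would append `* It relies on the global "DicomTlsCertificate", "DicomTlsPrivateKey" and "DicomTlsTrustedCertificates" options.` It would also help to say whether the remote modality's certificate is checked against the trusted list, since the diff does not show it. The same gap applies to the `"UseDicomTls" : false` example line added in the next hunk, and the comment block being edited starts outside this hunk.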
@@ -288,7 +342,8 @@
     //  "AllowMove" : false,
     //  "AllowStore" : true,
     //  "AllowStorageCommitment" : false,  // new in 1.6.0
-    //  "AllowTranscoding" : true          // new in 1.7.0
+    //  "AllowTranscoding" : true,         // new in 1.7.0
+    //  "UseDicomTls" : false              // new in 1.9.0
     //}
   },
 
@@ -296,23 +351,6 @@
   // instead of in this configuration file (new in Orthanc 1.5.0)
   "DicomModalitiesInDatabase" : false,
 
-  // Whether the Orthanc SCP allows incoming C-Echo requests, even
-  // from SCU modalities it does not know about (i.e. that are not
-  // listed in the "DicomModalities" option above). Orthanc 1.3.0
-  // is the only version to behave as if this argument was set to "false".
-  "DicomAlwaysAllowEcho" : true,
-
-  // Whether the Orthanc SCP allows incoming C-Store requests, even
-  // from SCU modalities it does not know about (i.e. that are not
-  // listed in the "DicomModalities" option above)
-  "DicomAlwaysAllowStore" : true,
-
-  // Whether Orthanc checks the IP/hostname address of the remote
-  // modality initiating a DICOM connection (as listed in the
-  // "DicomModalities" option above). If this option is set to
-  // "false", Orthanc only checks the AET of the remote modality.
-  "DicomCheckModalityHost" : false,
-
   // Whether the C-ECHO SCU is automatically followed by a C-FIND SCU,
   // while testing the connectivity from Orthanc to a remote DICOM
   // modality. This allows one to check that the remote modality does