changeset 5638:4535194cbb8a

document TLS 1.3 in SslMinimumProtocolVersion
author Alain Mazy <am@orthanc.team>
date Wed, 22 May 2024 16:06:30 +0200
parents 7043e646fc0d
children b6a6179a2a69
files OrthancServer/Resources/Configuration.json OrthancServer/Sources/main.cpp
diffstat 2 files changed, 15 insertions(+), 14 deletions(-) [+]
--- a/OrthancServer/Resources/Configuration.json	Wed May 22 15:43:06 2024 +0200
+++ b/OrthancServer/Resources/Configuration.json	Wed May 22 16:06:30 2024 +0200
@@ -225,23 +225,24 @@
   // if "SslEnabled" is true.
   "SslCertificate" : "certificate.pem",
 
-  // Sets the minimum accepted SSL protocol version
+  // Sets the minimum accepted SSL protocol version for the HTTP server
   // (cf. "ssl_protocol_version" option of civetweb). By default,
-  // require SSL 1.2. This option is only meaningful if "SslEnabled"
+  // require TLS 1.2 or 1.3. This option is only meaningful if "SslEnabled"
   // is true. (new in Orthanc 1.8.2)
   //
   // Value => Protocols
-  //   0      SSL2+SSL3+TLS1.0+TLS1.1+TLS1.2
-  //   1      SSL3+TLS1.0+TLS1.1+TLS1.2
-  //   2      TLS1.0+TLS1.1+TLS1.2
-  //   3      TLS1.1+TLS1.2
-  //   4      TLS1.2
+  //   0      SSL2+SSL3+TLS1.0+TLS1.1+TLS1.2+TLS1.3
+  //   1      SSL3+TLS1.0+TLS1.1+TLS1.2+TLS1.3
+  //   2      TLS1.0+TLS1.1+TLS1.2+TLS1.3
+  //   3      TLS1.1+TLS1.2+TLS1.3
+  //   4      TLS1.2+TLS1.3
+  //   5      TLS1.3
   "SslMinimumProtocolVersion" : 4,
 
-  // Set the accepted ciphers for SSL connections. The ciphers must be
-  // provided as a list of strings. If not set, this will default to
-  // FIPS 140-2 ciphers. This option is only meaningful if
-  // "SslEnabled" is true. (new in Orthanc 1.8.2)
+  // Set the accepted ciphers for SSL connections for the HTTP server. 
+  // The ciphers must be provided as a list of strings. If not set, 
+  // this will default to FIPS 140-2 ciphers. This option is only 
+  // meaningful if "SslEnabled" is true. (new in Orthanc 1.8.2)
   /**
     "SslCiphersAccepted" : [ "AES128-GCM-SHA256" ],
   **/
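Review bot: The new row `5      TLS1.3` sits under the unchanged "(new in Orthanc 1.8.2)" tag, so the comment gives no hint of which Orthanc release, or which civetweb/OpenSSL build, accepts the value 5. I would add a line such as `// Value 5 requires a build whose civetweb and OpenSSL support TLS 1.3 (new in Orthanc <VERSION>)`, with the version filled in by the author. The table could also state that values below 4 enable protocol versions that are deprecated (SSLv2, SSLv3, TLS 1.0, TLS 1.1), for example `// Values 0-3 enable deprecated protocols; use them only for legacy clients`. For "SslCiphersAccepted", it is worth confirming and documenting whether the list applies to TLS 1.3 connections, because OpenSSL configures TLS 1.3 cipher suites through a separate call from the TLS 1.2 cipher list. If it does not apply, an operator who selects 5 may wrongly assume this list restricts the negotiated suites.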
--- a/OrthancServer/Sources/main.cpp	Wed May 22 15:43:06 2024 +0200
+++ b/OrthancServer/Sources/main.cpp	Wed May 22 16:06:30 2024 +0200
@@ -1106,10 +1106,10 @@
         httpServer.SetSslEnabled(true);
         httpServer.SetSslCertificate(certificate.c_str());
         
-        // Default to TLS 1.2 as SSL minimum
+        // Default to TLS 1.2+1.3 as SSL minimum
         // See https://github.com/civetweb/civetweb/blob/master/docs/UserManual.md "ssl_protocol_version" for mapping
-        static const unsigned int TLS_1_2 = 4;
-        unsigned int minimumVersion = lock.GetConfiguration().GetUnsignedIntegerParameter("SslMinimumProtocolVersion", TLS_1_2);
+        static const unsigned int TLS_1_2_AND_1_3 = 4;
+        unsigned int minimumVersion = lock.GetConfiguration().GetUnsignedIntegerParameter("SslMinimumProtocolVersion", TLS_1_2_AND_1_3);
         httpServer.SetSslMinimumVersion(minimumVersion);
 
         static const char* SSL_CIPHERS_ACCEPTED = "SslCiphersAccepted";
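Review bot: `minimumVersion` is passed to `SetSslMinimumVersion()` with no range check visible in this hunk, while the same commit documents 5 (TLS 1.3 only) as a valid setting. If the linked civetweb/OpenSSL build predates TLS 1.3 support, or an operator enters a value above 5, the result depends on code outside this hunk. Unless `SetSslMinimumVersion()` already validates its argument, a check here such as `if (minimumVersion > 5) throw OrthancException(ErrorCode_ParameterOutOfRange, "SslMinimumProtocolVersion must be between 0 and 5");` would make startup fail closed. A startup warning when the value is below 4 would also help operators notice that deprecated SSL/TLS versions are enabled. The enclosing function starts and ends outside the hunk.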