⚠️ This is an unofficial mirror, not affiliated with DCMTK / OFFIS. For authoritative information, see the original page (https://support.dcmtk.org/docs/mod_dcmtls.html).

dcmtls: security extensions for the network library

This module contains classes that implement DICOM network communication tunneled through a Transport Layer Security (TLS) connection, conforming to the DICOM "Security Enhancements One" extension (formerly Supplement 31). This module requires the external OpenSSL library.

The main interface classes are:

Files

The following files provide further documentation:

Examples

The following example shows a code fragment that enables TLS for an association requestor application. The complete network initialization code is not shown here and most error checking code is omitted for brevity.

T_ASC_Network *net; // network initialization code not shown,

T_ASC_Parameters *params; // we just assume these pointers to be valid

DcmTLSTransportLayer::initializeOpenSSL(); // initialize OpenSSL library

// create TLS object that initializes the random generator through a file

// "random.dat" containing random data (1 kByte is sufficient).

DcmTLSTransportLayer *tLayer = new DcmTLSTransportLayer(

NET_REQUESTOR, "random.dat");

if (tLayer->setPrivateKeyFile("privkey.pem", SSL_FILETYPE_PEM).bad())

{

cerr << "unable to load private key" << endl;

return;

}

if (tLayer->setCertificateFile("certificate.pem", SSL_FILETYPE_PEM).bad())

{

cerr << "unable to load certificate" << endl;

return;

}

// enable the ciphersuites for the BCP 195 RFC 8996 secure transport profile

tLayer->setTLSProfile(TSP_Profile_BCP_195_RFC_8996);

tLayer->activateCipherSuites();

// accept any certificate from the remote site (not recommended)

tLayer->setCertificateVerification(DCV_ignoreCertificate);

// register and activate TLS layer

ASC_setTransportLayer(net, tLayer, 1);

ASC_setTransportLayerType(params, 1);