DICOM PS3.15 2018d - Security and System Management Profiles

B.9 BCP195 TLS Secure Transport Connection Profile

An implementation that supports the BCP195 TLS Profile shall utilize the framework and negotiation mechanism specified by the Transport Layer Security protocol. It shall comply with BCP195 from the IETF.

Note

  1. BCP195 is currently also published as RFC7525 Recommendations for Secure Use of Transport Layer Security (TLS). Both provide suggestions for proper use of TLS 1.2 and allow appropriate fallback rules.

  2. Existing implementations that are compliant with the DICOM AES TLS Secure Connection Profile are able to interoperate with this profile. This profile adds significant recommendations by the IETF, but does not make them mandatory. This is the IETF recommendation for upgrading an installed base.

TCP ports on which an implementation accepts TLS connections, or the mechanism by which these port numbers are selected or configured, shall be stated in the Conformance Statement. The TCP ports on which an implementation accepts TLS connections for DICOMweb shall be different from those on which an implementation accepts TLS connections for DIMSE. The HTTP/HTTPS connection for DICOMweb can be shared with other HTTP/HTTPS traffic.

Note

It is recommended that systems supporting the BCP195 TLS Profile use the registered port number "2762 dicom-tls" for the DICOM Upper Layer Protocol on TLS.

The Conformance Statement shall indicate what mechanisms the implementation supports for Key Management. When an integrity check fails, the connection shall be dropped per the TLS protocol, causing both the sender and the receiver to issue an A-P-ABORT indication to the upper layers with an implementation-specific provider reason. The provider reason used shall be documented in the Conformance Statement.

Note

Implementers should take care to manage the risks of downgrading to less secure obsolescent protocols or cleartext protocols. See BCP 195, Section 5.2 "Opportunistic Security".
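
The following Python sketch is an added example and is not part of the DICOM Standard. It builds a server-side TLS context that follows the RFC7525 recommendations and audits a deployment against them and against the rule that DIMSE and DICOMweb TLS ports differ. The function names, the DICOMweb port 8443 and the decision to refuse anything below TLS 1.2 (no fallback for older peers) are assumptions of the example.

```python
import ssl

# RFC 7525 section 4.2 recommended suites, in OpenSSL naming.
RECOMMENDED = (
    "ECDHE-RSA-AES128-GCM-SHA256", "ECDHE-RSA-AES256-GCM-SHA384",
    "DHE-RSA-AES128-GCM-SHA256", "DHE-RSA-AES256-GCM-SHA384",
)
DICOM_TLS_PORT = 2762  # registered "dicom-tls" port recommended by the profile


def bcp195_server_context():
    """Server context per RFC 7525; the caller still loads a certificate chain."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2  # assumption: no older peers
    ctx.options |= ssl.OP_NO_COMPRESSION          # RFC 7525 section 3.3
    ctx.set_ciphers(":".join(RECOMMENDED))        # governs TLS 1.2 suites only
    return ctx


def audit_settings(min_version, compression_off, tls12_suites):
    """Compare raw settings with the RFC 7525 recommendations."""
    findings = []
    if min_version < ssl.TLSVersion.TLSv1_2:
        findings.append("protocol versions below TLS 1.2 are enabled")
    if not compression_off:
        findings.append("TLS-level compression is not disabled")
    extra = sorted(set(tls12_suites) - set(RECOMMENDED))
    if extra:
        findings.append("suites outside the recommended list: " + ", ".join(extra))
    return findings


def audit_listener(ctx, dimse_port, dicomweb_port):
    """Audit one deployment: TLS settings plus the DIMSE/DICOMweb port rule."""
    suites = [c["name"] for c in ctx.get_ciphers() if c["protocol"] != "TLSv1.3"]
    findings = audit_settings(
        ctx.minimum_version, bool(ctx.options & ssl.OP_NO_COMPRESSION), suites)
    if dimse_port == dicomweb_port:
        findings.append("DIMSE and DICOMweb TLS listeners share a port")
    return findings


if __name__ == "__main__":
    # Constructed deployment: DIMSE on 2762, DICOMweb on 8443 (assumed value).
    print(audit_listener(bcp195_server_context(), DICOM_TLS_PORT, 8443))
```

An empty findings list means the context matches the recommendations as encoded here; because the profile does not make them mandatory, a non-empty list is a review item rather than a conformance failure, except for the shared-port finding.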
