B.11 Extended BCP 195 TLS Profile Secure Transport Connection Profile

B.11 Extended BCP 195 TLS Profile Secure Transport Connection Profile (Current)
Prev	B Secure Transport Connection Profiles (Normative)	Next

An implementation that supports the Extended BCP 195 Profile shall utilize the framework and negotiation mechanism specified by the Transport Layer Security protocol. It shall comply with [BCP 195] from the IETF with the additional restrictions enumerated below.

Note

A device may support multiple different TLS profiles. DICOM does not specify how such devices are configured in the field or how different TLS profile-related rules are specified. The site will determine what configuration is appropriate.
The DICOM profiles for TLS describe the capabilities of a product. Product configuration may permit selection of a particular profile and/or additional negotiation rules. The specific ciphersuite used is negotiated by the TLS implementation based on these rules.

The following additions are made to [BCP 195] requirements. They change some of the "should" recommendations in the RFC into requirements.

Implementations shall not negotiate TLS version 1.1 [RFC 4346] or TLS version 1.0 [RFC 2246]
Implementations shall not negotiate DTLS version 1.0 [RFC 4347]
In cases where an application protocol allows implementations or deployments a choice between strict TLS configuration and dynamic upgrade from unencrypted to TLS-protected traffic (such as STARTTLS), clients and servers shall prefer strict TLS configuration.
Application protocols typically provide a way for the server to offer TLS during an initial protocol exchange, and sometimes also provide a way for the server to advertise support for TLS (e.g., through a flag indicating that TLS is required); unfortunately, these indications are sent before the communication channel is encrypted. A client shall attempt to negotiate TLS even if these indications are not communicated by the server.
The following cipher suites shall all be supported:
- TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
- TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
- TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
- TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
One or more of the following cipher suites should be supported:
- TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 (0xC0, 0x7D)
- TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 (0xC0,0x7C)
- TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 (0xC0,0x2C)
- TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 (0xC0,0x87)
- TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 (0xC0,0x8B)
- TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 (0xC0,0x2B)
- TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 (0xC0,0x86)
- TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 (0xC0,0x8A)
No other cipher suites shall be used.
When DHE is used by key exchange, the key length shall be 2048 bits or more.
When ECDHE is used by key exchange, the key length shall be 256 bits or more.

TCP ports on which an implementation accepts TLS connections, or the mechanism by which these port numbers are selected or configured, shall be stated in the Conformance Statement. The TCP ports on which an implementation accepts TLS connections for DICOMweb shall be different from those on which an implementation accepts TLS connections for DIMSE. The HTTPS connection for DICOMweb can be shared with other HTTP/HTTPS traffic.

Note

It is recommended that systems supporting the Extended BCP 195 TLS Profile use the registered port number "2762 dicom-tls" for the DICOM Upper Layer Protocol on TLS.

The Conformance Statement shall indicate what mechanisms the implementation supports for Key Management.

When an integrity check fails, the connection shall be dropped per the TLS protocol, causing both the sender and the receiver to issue an A-P-ABORT indication to the upper layers with an implementation-specific provider reason. The provider reason used shall be documented in the Conformance Statement.

Prev	Up	Next
B.10 Non-Downgrading BCP 195 TLS Secure Transport Connection Profile	Home	C Digital Signature Profiles (Normative)