DICOM PS3.2 2024e - Conformance

N.11.2.5 A.C.2.5 Secure Transport Connection Details

Table N.11.2.5-1 lists the secure transport connection profiles and cipher suites supported for TLS 1.3:

[Describe here the mechanisms and tools that are supported by the implementation for Certificate Distribution, Certificate Validation and Key Management.]

[In Table N.11.2.5-1 Secure Transport Connection Profiles and Cipher Suites, add any Profile claimed in Section N.8.4.2 Secure Transport Connection Profiles. For each Profile, list all TLS 1.3 Cipher suites supported by your product and fill in the "Default Preference Order" column if applicable.]

Table N.11.2.5-1. Secure Transport Connection Profiles and Cipher Suites

Profile

Cipher Suite

Default Preference Order (from 1=preferred to n=less preferred)

Modified BCP 195 RFC 8996 TLS Secure Transport Connection Profile

TLS_AES_256_GCM_SHA384

TLS_CHACHA20_POLY1305_SHA256

TLS_AES_128_GCM_SHA256

TLS_AES_128_GCM_SHA256

TLS_AES_128_CCM_8_SHA256

[Any TLS Profile supported by <product>]

[Any Cypher suite]


Table N.11.2.5-2 lists the secure transport connection profiles and key exchange algorithms supported for TLS 1.3:

[In Table N.11.2.5-2 Secure Transport Connection Profiles and TLS 1.3 Key Exchange Algorithms, add any Profile claimed in Section N.8.4.2 Secure Transport Connection Profiles. For each Profile, list all TLS 1.3 key exchange algorithms supported by your product and fill in the “Default Preference Order” column if applicable]

Table N.11.2.5-2. Secure Transport Connection Profiles and TLS 1.3 Key Exchange Algorithms

Profile

Key Exchange Algorithms

Default Preference Order (from 1=preferred to n=less preferred)

Modified BCP 195 RFC 8996 TLS Secure Transport Connection Profile

ECDHE

DHE

[Any TLS Profile supported by <product>]

[Any key exchange algorithm]


Table N.11.2.5-3 lists the secure transport connection profiles and signature algorithms supported for TLS 1.3:

[In Table N.11.2.5-3 Secure Transport Connection Profiles and TLS 1.3 Signature Algorithms, add any Profile claimed in Section N.8.4.2 Secure Transport Connection Profiles. For each Profile, list all TLS 1.3 signature algorithms supported by your product and fill in the “Default Preference Order” column if applicable]

Table N.11.2.5-3. Secure Transport Connection Profiles and TLS 1.3 Signature Algorithms

Profile

Signature Algorithms

Default Preference Order (from 1=preferred to n=less preferred)

Modified BCP 195 RFC 8996 TLS Secure Transport Connection Profile

ECDSA

RSASSA PKCS#1 v1.5 (RSA)

RSASSA-PSS

[Any TLS Profile supported by <product>]

[Any signature algorithm]


Table N.11-4 lists the secure transport connection profiles and cipher suites supported for TLS 1.2:

[In Table N.11-4, add any Profile claimed in Section N.8.4.2 Secure Transport Connection Profiles. For each Profile, list all TLS 1.2 Cipher suites supported by your product and fill in the "Default Preference Order" column if applicable.]

Table N.11-4. Secure Transport Connection Profiles and Cipher Suites

Profile

Cipher Suite

Default Preference Order (from 1=preferred to n=less preferred)

Modified BCP 195 RFC 8996 TLS Secure Transport Connection Profile

TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384

TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384

TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384

TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384

TLS_ECDHE_ECDSA_WITH_AES_256_CCM

TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8

TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256

TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256

TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256

TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256

TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256

TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256

TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256

TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8

[Other Cipher Suites]

[Any TLS Profile supported by <product>]

[Any Cypher suite]


[Describe here the mechanisms and tools that are supported by the implementation for Certificate Distribution, Certificate Validation and Key Management.]

Table N.11-5 describes the configurable parameters and behaviors supported by this product for the Secure Transport Connection:

[Indicated in the "Configurable" column whether the parameters are configurable (Y) or not (N).]

Table N.11-5. Secure Transport Connection Configuration

Local Secure Transport Connection Configuration

Parameter/Behavior

Configurable

Default Value

Comments

Common Secure Transport Connection parameters

Port

See Section N.6 Configuration

A-P-ABORT provider reason in case of integrity check failure

BCP 195 RFC 8996 TLS Secure Transport Connection

[List specific configurable parameters for the local system]

Modified BCP 195 RFC 8996 TLS Secure Transport Connection Parameters

[List specific configurable parameters for the local system]

Other Profile Secure Transport Connection parameters

Remote Secure Transport Connection Configuration Parameters

Parameter

Configurable

Default Value

Comments

Common Secure Transport Connection Parameters

Port

See Section N.6 Configuration

A-P-ABORT provider reason in case of integrity check failure

BCP 195 RFC 8996 TLS Secure Transport Connection

[List specific configurable parameters for the local system]

Modified BCP 195 RFC 8996 TLS Secure Transport Connection Parameters

[List specific configurable parameters for the local system]

<Other Profile> Secure Transport Connection Parameters


DICOM PS3.2 2024e - Conformance