TLS client handshake failed - Mirth Community

07-18-2018, 11:15 PM
deepakconnectapp

I'm working on an iPad app, using dcmtk for the DICOM communication. I'm now tasked with implementing TLS for the communication layer, but somehow have not been able to get this to work correctly. I've installed Mirth Connect to verify the TLS communication but it doesn't seem to be working for me. When I set the communication to "No TLS", the association is successful and I'm able to transfer pictures from iPad to the server. I may be doing something wrong or missing something, and need some help.

I'm posting this since I did not find anything related to my problem in the forums. I'm new to Mirth and I have been testing TLS functionality in Mirth 3.6.0. I've been struggling with this error and I can't seem to figure out why various messages throw this error as there doesn't seem to be anything wrong with the message itself. Below is the error message and I'd appreciate any help that you guys can give. If more information is needed then I can export the channel. Thank you in advance!


Please refer to the attachment for the configuration in Mirth Connect.

This is how I try to create an association on the iPad app using the dcmtk library (you may refer to code below for details)

OFCondition cond = ASC_requestAssociation(net, params, &assoc);

iOS Code:

#define ServerCert "certificate.crt"
#define ServerPrivateKey "privateKey.key"
#define PrivatePEMKey "certificate.pem"
#define ClientCert "certificate.crt"
#define Password "1234"
#define isToSupportTLS 1


#define WITH_OPENSSL 1

#import "Echo.h"
#import "Constants.h"

#include "dcmtk/dcmnet/scu.h"
#include "dcmtk/config/osconfig.h"
#include "dcmtk/dcmnet/diutil.h"
#include "dcmtk/oflog/fileap.h"
#include "dcmtk/dcmtls/tlslayer.h"
#include "err.h"


@implementation Echo

-(void) PACSConnection:(ServerConfigurationModule *)configureInfo success:(void(^)(NSString *result))success failure:(void(^)(NSError *error))failure
{
    @autoreleasepool
    {
        NSString *callingAE = configureInfo.callingAE;
        NSString *calledAE = configureInfo.calledAE;
        NSString *callingIP = configureInfo.callingIP;
        NSString *IP = configureInfo.serverIP;

        const char* callingAppTittle = [callingAE UTF8String];
        const char* calledAppTittle = [calledAE UTF8String];
        const char* callingPresentationAddress = [callingIP UTF8String];
        const char* calledPresentationAddress = [IP UTF8String];

        T_ASC_Network *net; // network struct, contains DICOM upper layer FSM etc.
        dcmConnectionTimeout.set(10);
        ASC_initializeNetwork(NET_REQUESTOR, 0, 10 /* timeout */, &net);

        T_ASC_Parameters *params; // parameters of association request
        ASC_createAssociationParameters(&params, ASC_MAXIMUMPDUSIZE);

        // set calling and called AE titles
        ASC_setAPTitles(params, callingAppTittle, calledAppTittle, NULL);

        // set calling and called presentation addresses (the called address is "host:port" of the DICOM server)
        ASC_setPresentationAddresses(params, callingPresentationAddress, calledPresentationAddress);

        if (isToSupportTLS) {
            // create TLS object that initializes the random generator through a file
            // "random.dat" containing random data (1 kByte is sufficient).
            DcmTLSTransportLayer *tLayer = new DcmTLSTransportLayer(DICOM_APPLICATION_REQUESTOR, "random.dat");

            // certificate and private key are read from the app bundle
            NSString *ClientCertpath = [[[NSBundle mainBundle] resourcePath] stringByAppendingPathComponent:@ClientCert];
            NSString *ServerPrivateKeypath = [[[NSBundle mainBundle] resourcePath] stringByAppendingPathComponent:@ServerPrivateKey];

            const char* ClientCertpathconstchar = [ClientCertpath UTF8String];
            const char* ServerPrivateKeypathconstchar = [ServerPrivateKeypath UTF8String];
            if (TCS_ok != tLayer->setCertificateFile(ClientCertpathconstchar, SSL_FILETYPE_PEM))
            {
                DCMNET_INFO("unable to load certificate");
                unsigned long n = ERR_peek_error();
                DCMNET_INFO(ERR_reason_error_string(n));
                return; // stop here, as the private key branch below does
            }
            if (TCS_ok != tLayer->setPrivateKeyFile(ServerPrivateKeypathconstchar, SSL_FILETYPE_PEM))
            {
                DCMNET_INFO("unable to load private key");
                unsigned long n = ERR_peek_error();
                DCMNET_INFO(ERR_reason_error_string(n));
                return;
            }

            // offer a single cipher suite: this OpenSSL macro expands to "DES-CBC3-SHA" (3DES)
            tLayer->setCipherSuites(SSL3_TXT_RSA_DES_192_CBC3_SHA);

            // require and verify the peer certificate
            // (alternatives: DCV_checkCertificate, DCV_ignoreCertificate)
            tLayer->setCertificateVerification(DCV_requireCertificate);

            // register and activate TLS layer
            ASC_setTransportLayer(net, tLayer, 1);
            ASC_setTransportLayerType(params, 1);
        }

        // list of transfer syntaxes, only a single entry here
        const char* ts[] = { UID_LittleEndianImplicitTransferSyntax };

        // add presentation context to association request
        ASC_addPresentationContext(params, 1, UID_VerificationSOPClass, ts, 1);

        // request DICOM association
        T_ASC_Association *assoc;
        OFCondition cond = ASC_requestAssociation(net, params, &assoc);

        if (cond.good())
        {
            // Successful, do something good here later
        }
        else
        {
            // Get the exact reason for failure: log which DUL condition was returned
            if (cond.bad())
            {
                if (cond == DUL_WRONGDATATYPE)
                {
                    DCMNET_INFO("DUL_WRONGDATATYPE");
                }
                if (cond == DUL_UNSUPPORTEDPEERPROTOCOL)
                {
                    DCMNET_INFO("DUL_UNSUPPORTEDPEERPROTOCOL");
                }
                if (cond == DUL_UNEXPECTEDPDU)
                {
                    DCMNET_INFO("DUL_UNEXPECTEDPDU");
                }
                if (cond == DUL_REQUESTASSOCIATIONFAILED)
                {
                    DCMNET_INFO("DUL_REQUESTASSOCIATIONFAILED");
                }
                if (cond == DUL_READTIMEOUT)
                {
                    DCMNET_INFO("DUL_READTIMEOUT");
                }
                if (cond == DUL_PEERREQUESTEDRELEASE)
                {
                    DCMNET_INFO("DUL_PEERREQUESTEDRELEASE");
                }
                if (cond == DUL_PEERABORTEDASSOCIATION)
                {
                    DCMNET_INFO("DUL_PEERABORTEDASSOCIATION");
                }
                if (cond == DUL_PDATAPDUARRIVED)
                {
                    DCMNET_INFO("DUL_PDATAPDUARRIVED");
                }
                if (cond == DUL_PCTRANSLATIONFAILURE)
                {
                    DCMNET_INFO("DUL_PCTRANSLATIONFAILURE");
                }
                if (cond == DUL_NULLKEY)
                {
                    DCMNET_INFO("DUL_NULLKEY");
                }
                if (cond == DUL_NOPDVS)
                {
                    DCMNET_INFO("DUL_NOPDVS");
                }
                if (cond == DUL_NETWORKCLOSED)
                {
                    DCMNET_INFO("DUL_NETWORKCLOSED");
                }
                if (cond == DUL_LISTERROR)
                {
                    DCMNET_INFO("DUL_LISTERROR");
                }
                if (cond == DUL_INSUFFICIENTBUFFERLENGTH)
                {
                    DCMNET_INFO("DUL_INSUFFICIENTBUFFERLENGTH");
                }
                if (cond == DUL_INCORRECTBUFFERLENGTH)
                {
                    DCMNET_INFO("DUL_INCORRECTBUFFERLENGTH");
                }
                if (cond == DUL_ILLEGALREQUEST)
                {
                    DCMNET_INFO("DUL_ILLEGALREQUEST");
                }
                if (cond == DUL_ILLEGALPDULENGTH)
                {
                    DCMNET_INFO("DUL_ILLEGALPDULENGTH");
                }
                if (cond == DUL_ILLEGALPDU)
                {
                    DCMNET_INFO("DUL_ILLEGALPDU");
                }
                if (cond == DUL_ILLEGALKEY)
                {
                    DCMNET_INFO("DUL_ILLEGALKEY");
                }
                if (cond == DUL_ILLEGALACCEPT)
                {
                    DCMNET_INFO("DUL_ILLEGALACCEPT");
                }
            }

            DCMNET_INFO("Echo Failed :: " << cond.text());
            // log the object's description; an Objective-C pointer cannot be streamed directly
            DCMNET_INFO("Echo Failed Connection Details :: " << [[configureInfo description] UTF8String]);
            return;
        }
    }
}

@end

Error Message (Stack Trace):
E: TLS client handshake failed
I: Echo Failed :: Failed to establish association
I: 0006:0317 Peer aborted Association (or never connected)
I: 0006:031e DUL secure transport layer: wrong version number
Attached Files
File Type: pdf MirthConnect3.6.0 configuration.pdf (345.0 KB, 2 views)
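
Added example, not part of the original post: OpenSSL reports "wrong version number" when the bytes it reads from the peer do not form a TLS record with an acceptable version, which is also what happens when the peer answers in plain text. The C++ sketch below classifies the first bytes of a server reply (for instance taken from a packet capture) as a TLS record, a plain-text DICOM Upper Layer PDU, or neither; `classifyPeerReply`, `PeerReply`, `ReplyInfo` and the sample byte arrays are hypothetical names and constructed data.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <string>

enum class PeerReply { TlsRecord, DicomPdu, TooShort, Unknown };
struct ReplyInfo { PeerReply kind; std::string detail; };  // detail: log-friendly summary

// TLS record header:   type(1) major(1) minor(1) length(2, big-endian)
// DICOM UL PDU header: type(1) reserved(1) length(4, big-endian)
ReplyInfo classifyPeerReply(const uint8_t *buf, size_t len) {
    if (buf == nullptr || len < 6) return {PeerReply::TooShort, "need at least 6 bytes"};

    // Content types 20..23: change_cipher_spec, alert, handshake, application_data.
    // Record-layer version is 0x0300..0x0303 (TLS 1.3 also sends 0x0303 here).
    const unsigned recLen = (unsigned(buf[3]) << 8) | buf[4];
    if (buf[0] >= 20 && buf[0] <= 23 && buf[1] == 3 && buf[2] <= 3 && recLen <= 16384 + 2048) {
        if (buf[0] == 21 && recLen == 2 && len >= 7) {  // unencrypted alert: level, description
            std::string d = buf[6] == 70 ? "protocol_version"
                          : buf[6] == 40 ? "handshake_failure"
                          : "code " + std::to_string(buf[6]);
            return {PeerReply::TlsRecord, "TLS alert: " + d};
        }
        return {PeerReply::TlsRecord, buf[0] == 22 ? "TLS handshake record" : "TLS record"};
    }

    // PDU types 0x01..0x07; the second byte is reserved and sent as 0x00.
    static const char *const pdu[] = {"A-ASSOCIATE-RQ", "A-ASSOCIATE-AC", "A-ASSOCIATE-RJ",
                                      "P-DATA-TF", "A-RELEASE-RQ", "A-RELEASE-RP", "A-ABORT"};
    if (buf[0] >= 1 && buf[0] <= 7 && buf[1] == 0)
        return {PeerReply::DicomPdu, std::string("plain-text DICOM ") + pdu[buf[0] - 1]};

    return {PeerReply::Unknown, "neither a TLS record nor a DICOM PDU"};
}

// Constructed sample replies (not captured from the systems in this thread).
const uint8_t kTlsAlert[]   = {0x15, 0x03, 0x03, 0x00, 0x02, 0x02, 0x46};
const uint8_t kDicomAbort[] = {0x07, 0x00, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0x02, 0x00};
const uint8_t kHttpReply[]  = {'H', 'T', 'T', 'P', '/', '1', '.', '1'};

int main() {
    std::printf("%s\n", classifyPeerReply(kTlsAlert, sizeof kTlsAlert).detail.c_str());
    std::printf("%s\n", classifyPeerReply(kDicomAbort, sizeof kDicomAbort).detail.c_str());
    std::printf("%s\n", classifyPeerReply(kHttpReply, sizeof kHttpReply).detail.c_str());
    return 0;
}
```

A plain-text DICOM PDU in the reply points at a listener that is not speaking TLS on that port, while a TLS alert points at a protocol version or cipher suite that the two sides do not share.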
Tags
assoc, tls, version
