+++ /dev/null
-.\"
-.\" client.conf man page for CUPS.
-.\"
-.\" Copyright 2007-2018 by Apple Inc.
-.\" Copyright 2006 by Easy Software Products.
-.\"
-.\" Licensed under Apache License v2.0. See the file "LICENSE" for more information.
-.\"
-.TH client.conf 5 "CUPS" "15 April 2019" "Apple Inc."
-.SH NAME
-client.conf \- client configuration file for cups
-.SH DESCRIPTION
-The \fBclient.conf\fR file configures the CUPS client and is normally located in the \fI/etc/cups\fR and/or \fI~/.cups\fR directories.
-Each line in the file can be a configuration directive, a blank line, or a comment. Comment lines start with the # character.
-.LP
-\fBNote:\fR Starting with macOS 10.7, this file is only used by command-line and X11 applications plus the IPP backend.
-The \fBServerName\fR directive is not supported on macOS at all.
-Starting with macOS 10.12, all applications can access these settings in the \fI/Library/Preferences/org.cups.PrintingPrefs.plist\fR file instead.
-See the NOTES section below for more information.
-.SS DIRECTIVES
-The following directives are understood by the client. Consult the online help for detailed descriptions:
-.TP 5
-\fBAllowAnyRoot Yes\fR
-.TP 5
-\fBAllowAnyRoot No\fR
-Specifies whether to allow TLS with certificates that have not been signed by a trusted Certificate Authority.
-The default is "Yes".
-.TP 5
-\fBAllowExpiredCerts Yes\fR
-.TP 5
-\fBAllowExpiredCerts No\fR
-Specifies whether to allow TLS with expired certificates.
-The default is "No".
-.TP 5
-\fBEncryption IfRequested\fR
-.TP 5
-\fBEncryption Never\fR
-.TP 5
-\fBEncryption Required\fR
-Specifies the level of encryption that should be used.
-.TP 5
-\fBGSSServiceName \fIname\fR
-Specifies the Kerberos service name that is used for authentication, typically "host", "http", or "ipp".
-CUPS adds the remote hostname ("name@server.example.com") for you. The default name is "http".
-.TP 5
-\fBServerName \fIhostname-or-ip-address\fR[\fI:port\fR]
-.TP 5
-\fBServerName \fI/domain/socket\fR
-Specifies the address and optionally the port to use when connecting to the server.
-\fBNote: This directive is not supported on macOS 10.7 or later.\fR
-.TP 5
-\fBServerName \fIhostname-or-ip-address\fR[\fI:port\fR]\fB/version=1.1\fR
-Specifies the address and optionally the port to use when connecting to a server running CUPS 1.3.12 and earlier.
-.TP 5
-\fBSSLOptions \fR[\fIAllowDH\fR] [\fIAllowRC4\fR] [\fIAllowSSL3\fR] [\fIDenyCBC\fR] [\fIDenyTLS1.0\fR] [\fIMaxTLS1.0\fR] [\fIMaxTLS1.1\fR] [\fIMaxTLS1.2\fR] [\fIMaxTLS1.3\fR] [\fIMinTLS1.0\fR] [\fIMinTLS1.1\fR] [\fIMinTLS1.2\fR] [\fIMinTLS1.3\fR]
-.TP 5
-\fBSSLOptions None\fR
-Sets encryption options (only in /etc/cups/client.conf).
-By default, CUPS only supports encryption using TLS v1.0 or higher using known secure cipher suites.
-Security is reduced when \fIAllow\fR options are used.
-Security is enhanced when \fIDeny\fR options are used.
-The \fIAllowDH\fR option enables cipher suites using plain Diffie-Hellman key negotiation (not supported on systems using GNU TLS).
-The \fIAllowRC4\fR option enables the 128-bit RC4 cipher suites, which are required for some older clients.
-The \fIAllowSSL3\fR option enables SSL v3.0, which is required for some older clients that do not support TLS v1.0.
-The \fIDenyCBC\fR option disables all CBC cipher suites.
-The \fIDenyTLS1.0\fR option disables TLS v1.0 support - this sets the minimum protocol version to TLS v1.1.
-The \fIMinTLS\fR options set the minimum TLS version to support.
-The \fIMaxTLS\fR options set the maximum TLS version to support.
-Not all operating systems support TLS 1.3 at this time.
-.TP 5
-\fBTrustOnFirstUse Yes\fR
-.TP 5
-\fBTrustOnFirstUse No\fR
-Specifies whether to trust new TLS certificates by default.
-The default is "Yes".
-.TP 5
-\fBUser \fIname\fR
-Specifies the default user name to use for requests.
-.\"#UserAgentTokens
-.TP 5
-\fBUserAgentTokens None\fR
-.TP 5
-\fBUserAgentTokens ProductOnly\fR
-.TP 5
-\fBUserAgentTokens Major\fR
-.TP 5
-\fBUserAgentTokens Minor\fR
-.TP 5
-\fBUserAgentTokens Minimal\fR
-.TP 5
-\fBUserAgentTokens OS\fR
-.TP 5
-\fBUserAgentTokens Full\fR
-Specifies what information is included in the User-Agent header of HTTP requests.
-"None" disables the User-Agent header.
-"ProductOnly" reports "CUPS".
-"Major" reports "CUPS/major IPP/2".
-"Minor" reports "CUPS/major.minor IPP/2.1".
-"Minimal" reports "CUPS/major.minor.patch IPP/2.1".
-"OS" reports "CUPS/major.minor.path (osname osversion) IPP/2.1".
-"Full" reports "CUPS/major.minor.path (osname osversion; architecture) IPP/2.1".
-The default is "Minimal".
-.TP 5
-\fBValidateCerts Yes\fR
-.TP 5
-\fBValidateCerts No\fR
-Specifies whether to only allow TLS with certificates whose common name matches the hostname.
-The default is "No".
-.SH NOTES
-The \fBclient.conf\fR file is deprecated on macOS and will no longer be supported in a future version of CUPS.
-Configuration settings can instead be viewed or changed using the
-.BR defaults (1)
-command:
-.nf
-defaults write /Library/Preferences/org.cups.PrintingPrefs.plist Encryption Required
-defaults write /Library/Preferences/org.cups.PrintingPrefs.plist TrustOnFirstUse -bool NO
-
-defaults read /Library/Preferences/org.cups.PrintingPrefs.plist Encryption
-.fi
-On Linux and other systems using GNU TLS, the \fI/etc/cups/ssl/site.crl\fR file, if present, provides a list of revoked X.509 certificates and is used when validating certificates.
-.SH SEE ALSO
-.BR cups (1),
-.BR default (1),
-CUPS Online Help (http://localhost:631/help)
-.SH COPYRIGHT
-Copyright \[co] 2007-2018 by Apple Inc.
projects / thirdparty / cups.git / blobdiff