]>
Commit | Line | Data |
---|---|---|
b423cd4c | 1 | .\" |
7131e285 | 2 | .\" client.conf man page for CUPS. |
b423cd4c | 3 | .\" |
f61dfc0d | 4 | .\" Copyright 2007-2018 by Apple Inc. |
7131e285 | 5 | .\" Copyright 2006 by Easy Software Products. |
b423cd4c | 6 | .\" |
e3101897 | 7 | .\" Licensed under Apache License v2.0. See the file "LICENSE" for more information. |
b423cd4c | 8 | .\" |
8f1fbdec | 9 | .TH client.conf 5 "CUPS" "3 November 2017" "Apple Inc." |
b423cd4c | 10 | .SH NAME |
08d56b1f | 11 | client.conf \- client configuration file for cups |
b423cd4c | 12 | .SH DESCRIPTION |
7131e285 MS |
13 | The \fBclient.conf\fR file configures the CUPS client and is normally located in the \fI/etc/cups\fR and/or \fI~/.cups\fR directories. |
14 | Each line in the file can be a configuration directive, a blank line, or a comment. Comment lines start with the # character. | |
15 | .LP | |
8072030b MS |
16 | \fBNote:\fR Starting with macOS 10.7, this file is only used by command-line and X11 applications plus the IPP backend. |
17 | The \fBServerName\fR directive is not supported on macOS at all. | |
18 | Starting with macOS 10.12, all applications can access these settings in the \fI/Library/Preferences/org.cups.PrintingPrefs.plist\fR file instead. | |
08d56b1f | 19 | See the NOTES section below for more information. |
7131e285 MS |
20 | .SS DIRECTIVES |
21 | The following directives are understood by the client. Consult the online help for detailed descriptions: | |
b423cd4c | 22 | .TP 5 |
f51f3773 | 23 | \fBAllowAnyRoot Yes\fR |
f9988e18 | 24 | .TP 5 |
f51f3773 | 25 | \fBAllowAnyRoot No\fR |
f9988e18 | 26 | Specifies whether to allow TLS with certificates that have not been signed by a trusted Certificate Authority. |
f51f3773 | 27 | The default is "Yes". |
f9988e18 | 28 | .TP 5 |
f51f3773 | 29 | \fBAllowExpiredCerts Yes\fR |
f9988e18 | 30 | .TP 5 |
f51f3773 | 31 | \fBAllowExpiredCerts No\fR |
f9988e18 | 32 | Specifies whether to allow TLS with expired certificates. |
08d56b1f | 33 | The default is "No". |
f9988e18 | 34 | .TP 5 |
7131e285 | 35 | \fBEncryption IfRequested\fR |
b423cd4c | 36 | .TP 5 |
7131e285 | 37 | \fBEncryption Never\fR |
b423cd4c | 38 | .TP 5 |
7131e285 MS |
39 | \fBEncryption Required\fR |
40 | Specifies the level of encryption that should be used. | |
b423cd4c | 41 | .TP 5 |
7131e285 MS |
42 | \fBGSSServiceName \fIname\fR |
43 | Specifies the Kerberos service name that is used for authentication, typically "host", "http", or "ipp". | |
44 | CUPS adds the remote hostname ("name@server.example.com") for you. The default name is "http". | |
07ed0e9a | 45 | .TP 5 |
7131e285 | 46 | \fBServerName \fIhostname-or-ip-address\fR[\fI:port\fR] |
b423cd4c | 47 | .TP 5 |
7131e285 MS |
48 | \fBServerName \fI/domain/socket\fR |
49 | Specifies the address and optionally the port to use when connecting to the server. | |
21d8d62b | 50 | \fBNote: This directive is not supported on macOS 10.7 or later.\fR |
3e7fe0ca | 51 | .TP 5 |
7131e285 MS |
52 | \fBServerName \fIhostname-or-ip-address\fR[\fI:port\fR]\fB/version=1.1\fR |
53 | Specifies the address and optionally the port to use when connecting to a server running CUPS 1.3.12 and earlier. | |
3699c637 | 54 | .TP 5 |
8f1fbdec | 55 | \fBSSLOptions \fR[\fIAllowDH\fR] [\fIAllowRC4\fR] [\fIAllowSSL3\fR] [\fIDenyCBC\fR] [\fIDenyTLS1.0\fR] [\fIMaxTLS1.0\fR] [\fIMaxTLS1.1\fR] [\fIMaxTLS1.2\fR] [\fIMaxTLS1.3\fR] [\fIMinTLS1.0\fR] [\fIMinTLS1.1\fR] [\fIMinTLS1.2\fR] [\fIMinTLS1.3\fR] |
63aefcd5 MS |
56 | .TP 5 |
57 | \fBSSLOptions None\fR | |
58 | Sets encryption options (only in /etc/cups/client.conf). | |
59 | By default, CUPS only supports encryption using TLS v1.0 or higher using known secure cipher suites. | |
02c88e67 MS |
60 | Security is reduced when \fIAllow\fR options are used. |
61 | Security is enhanced when \fIDeny\fR options are used. | |
62 | The \fIAllowDH\fR option enables cipher suites using plain Diffie-Hellman key negotiation (not supported on systems using GNU TLS). | |
63 | The \fIAllowRC4\fR option enables the 128-bit RC4 cipher suites, which are required for some older clients. | |
63aefcd5 | 64 | The \fIAllowSSL3\fR option enables SSL v3.0, which is required for some older clients that do not support TLS v1.0. |
f2e87147 | 65 | The \fIDenyCBC\fR option disables all CBC cipher suites. |
ee6226a5 | 66 | The \fIDenyTLS1.0\fR option disables TLS v1.0 support - this sets the minimum protocol version to TLS v1.1. |
dda99de9 MS |
67 | The \fIMinTLS\fR options set the minimum TLS version to support. |
68 | The \fIMaxTLS\fR options set the maximum TLS version to support. | |
8f1fbdec | 69 | Not all operating systems support TLS 1.3 at this time. |
63aefcd5 | 70 | .TP 5 |
08d56b1f MS |
71 | \fBTrustOnFirstUse Yes\fR |
72 | .TP 5 | |
73 | \fBTrustOnFirstUse No\fR | |
74 | Specifies whether to trust new TLS certificates by default. | |
75 | The default is "Yes". | |
76 | .TP 5 | |
7131e285 | 77 | \fBUser \fIname\fR |
3e7fe0ca | 78 | Specifies the default user name to use for requests. |
f51f3773 MS |
79 | .TP 5 |
80 | \fBValidateCerts Yes\fR | |
81 | .TP 5 | |
82 | \fBValidateCerts No\fR | |
83 | Specifies whether to only allow TLS with certificates whose common name matches the hostname. | |
84 | The default is "No". | |
7131e285 | 85 | .SH NOTES |
8072030b | 86 | The \fBclient.conf\fR file is deprecated on macOS and will no longer be supported in a future version of CUPS. |
08d56b1f MS |
87 | Configuration settings can instead be viewed or changed using the |
88 | .BR defaults (1) | |
89 | command: | |
90 | .nf | |
91 | defaults write /Library/Preferences/org.cups.PrintingPrefs.plist Encryption Required | |
92 | defaults write /Library/Preferences/org.cups.PrintingPrefs.plist TrustOnFirstUse -bool NO | |
93 | ||
94 | defaults read /Library/Preferences/org.cups.PrintingPrefs.plist Encryption | |
95 | .fi | |
96 | On Linux and other systems using GNU TLS, the \fI/etc/cups/ssl/site.crl\fR file, if present, provides a list of revoked X.509 certificates and is used when validating certificates. | |
b423cd4c | 97 | .SH SEE ALSO |
7131e285 | 98 | .BR cups (1), |
08d56b1f | 99 | .BR default (1), |
7131e285 | 100 | CUPS Online Help (http://localhost:631/help) |
b423cd4c | 101 | .SH COPYRIGHT |
f61dfc0d | 102 | Copyright \[co] 2007-2018 by Apple Inc. |