/*
 * TLS check program for CUPS.
 *
 * Copyright 2007-2017 by Apple Inc.
 * Copyright 1997-2006 by Easy Software Products.
 *
 * Licensed under Apache License v2.0. See the file "LICENSE" for more information.
 */
/*
 * Include necessary headers...
 */
14 #include "cups-private.h"
/*
 * 'main()' - Stub entry point used when no TLS support is compiled in.
 */

int					/* O - Exit status (always 1) */
main(void)
{
  puts("Sorry, no TLS support compiled in.");

  return (1);
}
25 static void usage(void);
29 * 'main()' - Main entry.
32 int /* O - Exit status */
33 main(int argc
, /* I - Number of command-line arguments */
34 char *argv
[]) /* I - Command-line arguments */
36 int i
; /* Looping var */
37 http_t
*http
; /* HTTP connection */
38 const char *server
= NULL
; /* Hostname from command-line */
39 int port
= 0; /* Port number */
40 const char *cipherName
= "UNKNOWN";/* Cipher suite name */
41 int dhBits
= 0; /* Diffie-Hellman bits */
42 int tlsVersion
= 0; /* TLS version number */
43 char uri
[1024], /* Printer URI */
44 scheme
[32], /* URI scheme */
45 host
[256], /* Hostname */
46 userpass
[256], /* Username/password */
47 resource
[256]; /* Resource path */
48 int af
= AF_UNSPEC
, /* Address family */
49 tls_options
= _HTTP_TLS_NONE
,
51 tls_min_version
= _HTTP_TLS_1_0
,
52 tls_max_version
= _HTTP_TLS_MAX
,
53 verbose
= 0; /* Verbosity */
54 ipp_t
*request
, /* IPP Get-Printer-Attributes request */
55 *response
; /* IPP Get-Printer-Attributes response */
56 ipp_attribute_t
*attr
; /* Current attribute */
57 const char *name
; /* Attribute name */
58 char value
[1024]; /* Attribute (string) value */
59 static const char * const pattrs
[] = /* Requested attributes */
62 "compression-supported",
63 "document-format-supported",
66 "printer-make-and-model",
68 "printer-state-reasons",
70 "uri-authentication-supported",
71 "uri-security-supported"
75 for (i
= 1; i
< argc
; i
++)
77 if (!strcmp(argv
[i
], "--dh"))
79 tls_options
|= _HTTP_TLS_ALLOW_DH
;
81 else if (!strcmp(argv
[i
], "--no-cbc"))
83 tls_options
|= _HTTP_TLS_DENY_CBC
;
85 else if (!strcmp(argv
[i
], "--no-tls10"))
87 tls_min_version
= _HTTP_TLS_1_1
;
89 else if (!strcmp(argv
[i
], "--tls10"))
91 tls_min_version
= _HTTP_TLS_1_0
;
92 tls_max_version
= _HTTP_TLS_1_0
;
94 else if (!strcmp(argv
[i
], "--rc4"))
96 tls_options
|= _HTTP_TLS_ALLOW_RC4
;
98 else if (!strcmp(argv
[i
], "--verbose") || !strcmp(argv
[i
], "-v"))
102 else if (!strcmp(argv
[i
], "-4"))
106 else if (!strcmp(argv
[i
], "-6"))
110 else if (argv
[i
][0] == '-')
112 printf("tlscheck: Unknown option '%s'.\n", argv
[i
]);
117 if (!strncmp(argv
[i
], "ipps://", 7))
119 httpSeparateURI(HTTP_URI_CODING_ALL
, argv
[i
], scheme
, sizeof(scheme
), userpass
, sizeof(userpass
), host
, sizeof(host
), &port
, resource
, sizeof(resource
));
125 strlcpy(resource
, "/ipp/print", sizeof(resource
));
128 else if (!port
&& (argv
[i
][0] == '=' || isdigit(argv
[i
][0] & 255)))
130 if (argv
[i
][0] == '=')
131 port
= atoi(argv
[i
] + 1);
133 port
= atoi(argv
[i
]);
137 printf("tlscheck: Unexpected argument '%s'.\n", argv
[i
]);
/*
 * Apply the TLS options and the minimum/maximum TLS versions collected from
 * the command line, then connect to the server with encryption required...
 */

_httpTLSSetOptions(tls_options, tls_min_version, tls_max_version);

http = httpConnect2(
    server,                 /* Hostname from the command line */
    port,                   /* Port number */
    NULL,                   /* No address list supplied */
    af,                     /* Address family (-4/-6 or AF_UNSPEC) */
    HTTP_ENCRYPTION_ALWAYS, /* Always encrypt the connection */
    1,                      /* Blocking I/O */
    30000,                  /* Timeout in milliseconds */
    NULL);                  /* No cancel variable */
153 printf("%s: ERROR (%s)\n", server
, cupsLastErrorString());
158 SSLProtocol protocol
;
159 SSLCipherSuite cipher
;
160 char unknownCipherName
[256];
161 int paramsNeeded
= 0;
166 if ((err
= SSLGetNegotiatedProtocolVersion(http
->tls
, &protocol
)) != noErr
)
168 printf("%s: ERROR (No protocol version - %d)\n", server
, (int)err
);
184 case kTLSProtocol11
:
187 case kTLSProtocol12
:
192 if ((err
= SSLGetNegotiatedCipher(http
->tls
, &cipher
)) != noErr
)
194 printf("%s: ERROR (No cipher suite - %d)\n", server
, (int)err
);
201 case TLS_NULL_WITH_NULL_NULL
:
202 cipherName
= "TLS_NULL_WITH_NULL_NULL";
204 case TLS_RSA_WITH_NULL_MD5
:
205 cipherName
= "TLS_RSA_WITH_NULL_MD5";
207 case TLS_RSA_WITH_NULL_SHA
:
208 cipherName
= "TLS_RSA_WITH_NULL_SHA";
210 case TLS_RSA_WITH_RC4_128_MD5
:
211 cipherName
= "TLS_RSA_WITH_RC4_128_MD5";
213 case TLS_RSA_WITH_RC4_128_SHA
:
214 cipherName
= "TLS_RSA_WITH_RC4_128_SHA";
216 case TLS_RSA_WITH_3DES_EDE_CBC_SHA
:
217 cipherName
= "TLS_RSA_WITH_3DES_EDE_CBC_SHA";
219 case TLS_RSA_WITH_NULL_SHA256
:
220 cipherName
= "TLS_RSA_WITH_NULL_SHA256";
222 case TLS_RSA_WITH_AES_128_CBC_SHA256
:
223 cipherName
= "TLS_RSA_WITH_AES_128_CBC_SHA256";
225 case TLS_RSA_WITH_AES_256_CBC_SHA256
:
226 cipherName
= "TLS_RSA_WITH_AES_256_CBC_SHA256";
228 case TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA
:
229 cipherName
= "TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA";
232 case TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA
:
233 cipherName
= "TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA";
236 case TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA
:
237 cipherName
= "TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA";
240 case TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
:
241 cipherName
= "TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA";
244 case TLS_DH_DSS_WITH_AES_128_CBC_SHA256
:
245 cipherName
= "TLS_DH_DSS_WITH_AES_128_CBC_SHA256";
248 case TLS_DH_RSA_WITH_AES_128_CBC_SHA256
:
249 cipherName
= "TLS_DH_RSA_WITH_AES_128_CBC_SHA256";
252 case TLS_DHE_DSS_WITH_AES_128_CBC_SHA256
:
253 cipherName
= "TLS_DHE_DSS_WITH_AES_128_CBC_SHA256";
256 case TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
:
257 cipherName
= "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256";
260 case TLS_DH_DSS_WITH_AES_256_CBC_SHA256
:
261 cipherName
= "TLS_DH_DSS_WITH_AES_256_CBC_SHA256";
264 case TLS_DH_RSA_WITH_AES_256_CBC_SHA256
:
265 cipherName
= "TLS_DH_RSA_WITH_AES_256_CBC_SHA256";
268 case TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
:
269 cipherName
= "TLS_DHE_DSS_WITH_AES_256_CBC_SHA256";
272 case TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
:
273 cipherName
= "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256";
276 case TLS_DH_anon_WITH_RC4_128_MD5
:
277 cipherName
= "TLS_DH_anon_WITH_RC4_128_MD5";
280 case TLS_DH_anon_WITH_3DES_EDE_CBC_SHA
:
281 cipherName
= "TLS_DH_anon_WITH_3DES_EDE_CBC_SHA";
284 case TLS_DH_anon_WITH_AES_128_CBC_SHA256
:
285 cipherName
= "TLS_DH_anon_WITH_AES_128_CBC_SHA256";
288 case TLS_DH_anon_WITH_AES_256_CBC_SHA256
:
289 cipherName
= "TLS_DH_anon_WITH_AES_256_CBC_SHA256";
292 case TLS_PSK_WITH_RC4_128_SHA
:
293 cipherName
= "TLS_PSK_WITH_RC4_128_SHA";
295 case TLS_PSK_WITH_3DES_EDE_CBC_SHA
:
296 cipherName
= "TLS_PSK_WITH_3DES_EDE_CBC_SHA";
298 case TLS_PSK_WITH_AES_128_CBC_SHA
:
299 cipherName
= "TLS_PSK_WITH_AES_128_CBC_SHA";
301 case TLS_PSK_WITH_AES_256_CBC_SHA
:
302 cipherName
= "TLS_PSK_WITH_AES_256_CBC_SHA";
304 case TLS_DHE_PSK_WITH_RC4_128_SHA
:
305 cipherName
= "TLS_DHE_PSK_WITH_RC4_128_SHA";
308 case TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA
:
309 cipherName
= "TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA";
312 case TLS_DHE_PSK_WITH_AES_128_CBC_SHA
:
313 cipherName
= "TLS_DHE_PSK_WITH_AES_128_CBC_SHA";
316 case TLS_DHE_PSK_WITH_AES_256_CBC_SHA
:
317 cipherName
= "TLS_DHE_PSK_WITH_AES_256_CBC_SHA";
320 case TLS_RSA_PSK_WITH_RC4_128_SHA
:
321 cipherName
= "TLS_RSA_PSK_WITH_RC4_128_SHA";
323 case TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA
:
324 cipherName
= "TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA";
326 case TLS_RSA_PSK_WITH_AES_128_CBC_SHA
:
327 cipherName
= "TLS_RSA_PSK_WITH_AES_128_CBC_SHA";
329 case TLS_RSA_PSK_WITH_AES_256_CBC_SHA
:
330 cipherName
= "TLS_RSA_PSK_WITH_AES_256_CBC_SHA";
332 case TLS_PSK_WITH_NULL_SHA
:
333 cipherName
= "TLS_PSK_WITH_NULL_SHA";
335 case TLS_DHE_PSK_WITH_NULL_SHA
:
336 cipherName
= "TLS_DHE_PSK_WITH_NULL_SHA";
339 case TLS_RSA_PSK_WITH_NULL_SHA
:
340 cipherName
= "TLS_RSA_PSK_WITH_NULL_SHA";
342 case TLS_RSA_WITH_AES_128_GCM_SHA256
:
343 cipherName
= "TLS_RSA_WITH_AES_128_GCM_SHA256";
345 case TLS_RSA_WITH_AES_256_GCM_SHA384
:
346 cipherName
= "TLS_RSA_WITH_AES_256_GCM_SHA384";
348 case TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
:
349 cipherName
= "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256";
352 case TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
:
353 cipherName
= "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384";
356 case TLS_DH_RSA_WITH_AES_128_GCM_SHA256
:
357 cipherName
= "TLS_DH_RSA_WITH_AES_128_GCM_SHA256";
360 case TLS_DH_RSA_WITH_AES_256_GCM_SHA384
:
361 cipherName
= "TLS_DH_RSA_WITH_AES_256_GCM_SHA384";
364 case TLS_DHE_DSS_WITH_AES_128_GCM_SHA256
:
365 cipherName
= "TLS_DHE_DSS_WITH_AES_128_GCM_SHA256";
368 case TLS_DHE_DSS_WITH_AES_256_GCM_SHA384
:
369 cipherName
= "TLS_DHE_DSS_WITH_AES_256_GCM_SHA384";
372 case TLS_DH_DSS_WITH_AES_128_GCM_SHA256
:
373 cipherName
= "TLS_DH_DSS_WITH_AES_128_GCM_SHA256";
376 case TLS_DH_DSS_WITH_AES_256_GCM_SHA384
:
377 cipherName
= "TLS_DH_DSS_WITH_AES_256_GCM_SHA384";
380 case TLS_DH_anon_WITH_AES_128_GCM_SHA256
:
381 cipherName
= "TLS_DH_anon_WITH_AES_128_GCM_SHA256";
384 case TLS_DH_anon_WITH_AES_256_GCM_SHA384
:
385 cipherName
= "TLS_DH_anon_WITH_AES_256_GCM_SHA384";
388 case TLS_PSK_WITH_AES_128_GCM_SHA256
:
389 cipherName
= "TLS_PSK_WITH_AES_128_GCM_SHA256";
391 case TLS_PSK_WITH_AES_256_GCM_SHA384
:
392 cipherName
= "TLS_PSK_WITH_AES_256_GCM_SHA384";
394 case TLS_DHE_PSK_WITH_AES_128_GCM_SHA256
:
395 cipherName
= "TLS_DHE_PSK_WITH_AES_128_GCM_SHA256";
398 case TLS_DHE_PSK_WITH_AES_256_GCM_SHA384
:
399 cipherName
= "TLS_DHE_PSK_WITH_AES_256_GCM_SHA384";
402 case TLS_RSA_PSK_WITH_AES_128_GCM_SHA256
:
403 cipherName
= "TLS_RSA_PSK_WITH_AES_128_GCM_SHA256";
405 case TLS_RSA_PSK_WITH_AES_256_GCM_SHA384
:
406 cipherName
= "TLS_RSA_PSK_WITH_AES_256_GCM_SHA384";
408 case TLS_PSK_WITH_AES_128_CBC_SHA256
:
409 cipherName
= "TLS_PSK_WITH_AES_128_CBC_SHA256";
411 case TLS_PSK_WITH_AES_256_CBC_SHA384
:
412 cipherName
= "TLS_PSK_WITH_AES_256_CBC_SHA384";
414 case TLS_PSK_WITH_NULL_SHA256
:
415 cipherName
= "TLS_PSK_WITH_NULL_SHA256";
417 case TLS_PSK_WITH_NULL_SHA384
:
418 cipherName
= "TLS_PSK_WITH_NULL_SHA384";
420 case TLS_DHE_PSK_WITH_AES_128_CBC_SHA256
:
421 cipherName
= "TLS_DHE_PSK_WITH_AES_128_CBC_SHA256";
424 case TLS_DHE_PSK_WITH_AES_256_CBC_SHA384
:
425 cipherName
= "TLS_DHE_PSK_WITH_AES_256_CBC_SHA384";
428 case TLS_DHE_PSK_WITH_NULL_SHA256
:
429 cipherName
= "TLS_DHE_PSK_WITH_NULL_SHA256";
432 case TLS_DHE_PSK_WITH_NULL_SHA384
:
433 cipherName
= "TLS_DHE_PSK_WITH_NULL_SHA384";
436 case TLS_RSA_PSK_WITH_AES_128_CBC_SHA256
:
437 cipherName
= "TLS_RSA_PSK_WITH_AES_128_CBC_SHA256";
439 case TLS_RSA_PSK_WITH_AES_256_CBC_SHA384
:
440 cipherName
= "TLS_RSA_PSK_WITH_AES_256_CBC_SHA384";
442 case TLS_RSA_PSK_WITH_NULL_SHA256
:
443 cipherName
= "TLS_RSA_PSK_WITH_NULL_SHA256";
445 case TLS_RSA_PSK_WITH_NULL_SHA384
:
446 cipherName
= "TLS_RSA_PSK_WITH_NULL_SHA384";
448 case TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
:
449 cipherName
= "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256";
452 case TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
:
453 cipherName
= "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384";
456 case TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
:
457 cipherName
= "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256";
460 case TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
:
461 cipherName
= "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384";
464 case TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
:
465 cipherName
= "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256";
468 case TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
:
469 cipherName
= "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384";
472 case TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
:
473 cipherName
= "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256";
476 case TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
:
477 cipherName
= "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384";
480 case TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
:
481 cipherName
= "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256";
484 case TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
:
485 cipherName
= "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384";
488 case TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256
:
489 cipherName
= "TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256";
492 case TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384
:
493 cipherName
= "TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384";
496 case TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
:
497 cipherName
= "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256";
500 case TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
:
501 cipherName
= "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384";
504 case TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256
:
505 cipherName
= "TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256";
508 case TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384
:
509 cipherName
= "TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384";
512 case TLS_RSA_WITH_AES_128_CBC_SHA
:
513 cipherName
= "TLS_RSA_WITH_AES_128_CBC_SHA";
515 case TLS_DH_DSS_WITH_AES_128_CBC_SHA
:
516 cipherName
= "TLS_DH_DSS_WITH_AES_128_CBC_SHA";
519 case TLS_DH_RSA_WITH_AES_128_CBC_SHA
:
520 cipherName
= "TLS_DH_RSA_WITH_AES_128_CBC_SHA";
523 case TLS_DHE_DSS_WITH_AES_128_CBC_SHA
:
524 cipherName
= "TLS_DHE_DSS_WITH_AES_128_CBC_SHA";
527 case TLS_DHE_RSA_WITH_AES_128_CBC_SHA
:
528 cipherName
= "TLS_DHE_RSA_WITH_AES_128_CBC_SHA";
531 case TLS_DH_anon_WITH_AES_128_CBC_SHA
:
532 cipherName
= "TLS_DH_anon_WITH_AES_128_CBC_SHA";
535 case TLS_RSA_WITH_AES_256_CBC_SHA
:
536 cipherName
= "TLS_RSA_WITH_AES_256_CBC_SHA";
538 case TLS_DH_DSS_WITH_AES_256_CBC_SHA
:
539 cipherName
= "TLS_DH_DSS_WITH_AES_256_CBC_SHA";
542 case TLS_DH_RSA_WITH_AES_256_CBC_SHA
:
543 cipherName
= "TLS_DH_RSA_WITH_AES_256_CBC_SHA";
546 case TLS_DHE_DSS_WITH_AES_256_CBC_SHA
:
547 cipherName
= "TLS_DHE_DSS_WITH_AES_256_CBC_SHA";
550 case TLS_DHE_RSA_WITH_AES_256_CBC_SHA
:
551 cipherName
= "TLS_DHE_RSA_WITH_AES_256_CBC_SHA";
554 case TLS_DH_anon_WITH_AES_256_CBC_SHA
:
555 cipherName
= "TLS_DH_anon_WITH_AES_256_CBC_SHA";
558 case TLS_ECDH_ECDSA_WITH_NULL_SHA
:
559 cipherName
= "TLS_ECDH_ECDSA_WITH_NULL_SHA";
562 case TLS_ECDH_ECDSA_WITH_RC4_128_SHA
:
563 cipherName
= "TLS_ECDH_ECDSA_WITH_RC4_128_SHA";
566 case TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
:
567 cipherName
= "TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA";
570 case TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
:
571 cipherName
= "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA";
574 case TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
:
575 cipherName
= "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA";
578 case TLS_ECDHE_ECDSA_WITH_NULL_SHA
:
579 cipherName
= "TLS_ECDHE_ECDSA_WITH_NULL_SHA";
582 case TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
:
583 cipherName
= "TLS_ECDHE_ECDSA_WITH_RC4_128_SHA";
586 case TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
:
587 cipherName
= "TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA";
590 case TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
:
591 cipherName
= "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA";
594 case TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
:
595 cipherName
= "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA";
598 case TLS_ECDH_RSA_WITH_NULL_SHA
:
599 cipherName
= "TLS_ECDH_RSA_WITH_NULL_SHA";
602 case TLS_ECDH_RSA_WITH_RC4_128_SHA
:
603 cipherName
= "TLS_ECDH_RSA_WITH_RC4_128_SHA";
606 case TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
:
607 cipherName
= "TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA";
610 case TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
:
611 cipherName
= "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA";
614 case TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
:
615 cipherName
= "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA";
618 case TLS_ECDHE_RSA_WITH_NULL_SHA
:
619 cipherName
= "TLS_ECDHE_RSA_WITH_NULL_SHA";
622 case TLS_ECDHE_RSA_WITH_RC4_128_SHA
:
623 cipherName
= "TLS_ECDHE_RSA_WITH_RC4_128_SHA";
626 case TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
:
627 cipherName
= "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA";
630 case TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
:
631 cipherName
= "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA";
634 case TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
:
635 cipherName
= "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA";
638 case TLS_ECDH_anon_WITH_NULL_SHA
:
639 cipherName
= "TLS_ECDH_anon_WITH_NULL_SHA";
642 case TLS_ECDH_anon_WITH_RC4_128_SHA
:
643 cipherName
= "TLS_ECDH_anon_WITH_RC4_128_SHA";
646 case TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA
:
647 cipherName
= "TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA";
650 case TLS_ECDH_anon_WITH_AES_128_CBC_SHA
:
651 cipherName
= "TLS_ECDH_anon_WITH_AES_128_CBC_SHA";
654 case TLS_ECDH_anon_WITH_AES_256_CBC_SHA
:
655 cipherName
= "TLS_ECDH_anon_WITH_AES_256_CBC_SHA";
659 snprintf(unknownCipherName
, sizeof(unknownCipherName
), "UNKNOWN_%04X", cipher
);
660 cipherName
= unknownCipherName
;
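/*
 * The error text forbids RC4 outright, so test the negotiated suite against
 * every RC4 suite this program can name, not just the two plain-RSA ones.
 * With only those two checked, an (EC)DH, PSK or anonymous RC4 suite would
 * fall through and be reported as "OK".
 */

if (cipher == TLS_RSA_WITH_RC4_128_MD5 ||
    cipher == TLS_RSA_WITH_RC4_128_SHA ||
    cipher == TLS_DH_anon_WITH_RC4_128_MD5 ||
    cipher == TLS_PSK_WITH_RC4_128_SHA ||
    cipher == TLS_DHE_PSK_WITH_RC4_128_SHA ||
    cipher == TLS_RSA_PSK_WITH_RC4_128_SHA ||
    cipher == TLS_ECDH_ECDSA_WITH_RC4_128_SHA ||
    cipher == TLS_ECDHE_ECDSA_WITH_RC4_128_SHA ||
    cipher == TLS_ECDH_RSA_WITH_RC4_128_SHA ||
    cipher == TLS_ECDHE_RSA_WITH_RC4_128_SHA ||
    cipher == TLS_ECDH_anon_WITH_RC4_128_SHA)
{
  printf("%s: ERROR (Printers MUST NOT negotiate RC4 cipher suites.)\n", server);
  /* NOTE(review): the statements that follow this message are not visible in this listing. */
}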
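/*
 * Fetch the Diffie-Hellman parameters from the TLS session.  A failure is
 * only reported when paramsNeeded is set.
 */

if ((err = SSLGetDiffieHellmanParams(http->tls, &params, &paramsLen)) != noErr && paramsNeeded)
{
  printf("%s: ERROR (Unable to get Diffie-Hellman parameters - %d)\n", server, (int)err);
  /* NOTE(review): the statements that follow this message are not visible in this listing. */
}

/*
 * paramsLen is treated as a byte count (it is printed as bytes and as
 * bytes * 8 bits), so the 2048-bit minimum stated in the message is 256
 * bytes.  A 128-byte limit would accept 1024-bit parameters and report them
 * as OK.  A length of 0 is let through; presumably it means no DH parameters
 * were exchanged - confirm.
 */

if (paramsLen < 256 && paramsLen != 0)
{
  printf("%s: ERROR (Diffie-Hellman parameters MUST be at least 2048 bits, but Printer uses only %d bits/%d bytes)\n", server, (int)paramsLen * 8, (int)paramsLen);
  /* NOTE(review): the statements that follow this message are not visible in this listing. */
}

dhBits = (int)paramsLen * 8;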
687 #endif /* __APPLE__ */
690 printf("%s: OK (TLS: %d.%d, %s, %d DH bits)\n", server
, tlsVersion
/ 10, tlsVersion
% 10, cipherName
, dhBits
);
692 printf("%s: OK (TLS: %d.%d, %s)\n", server
, tlsVersion
/ 10, tlsVersion
% 10, cipherName
);
/*
 * Build an IPP Get-Printer-Attributes request for the "ipps" URI of the
 * printer and send it over the TLS connection that was just checked...
 *
 * NOTE(review): host is only visibly filled by httpSeparateURI() for
 * "ipps://" arguments, while the connection itself uses server.  Confirm
 * that host is also set when the server is given as a bare hostname.
 */

httpAssembleURI(HTTP_URI_CODING_ALL, uri, sizeof(uri),
                "ipps", NULL, host, port, resource);

request = ippNewRequest(IPP_OP_GET_PRINTER_ATTRIBUTES);

ippAddString(request, IPP_TAG_OPERATION, IPP_TAG_URI,
             "printer-uri", NULL, uri);

/* The local user name from cupsUser() is sent to the server in this request. */
ippAddString(request, IPP_TAG_OPERATION, IPP_TAG_NAME,
             "requesting-user-name", NULL, cupsUser());

/* Ask only for the attributes listed in pattrs. */
ippAddStrings(request, IPP_TAG_OPERATION, IPP_TAG_KEYWORD,
              "requested-attributes",
              (int)(sizeof(pattrs) / sizeof(pattrs[0])), NULL, pattrs);

response = cupsDoRequest(http, request, resource);
704 for (attr
= ippFirstAttribute(response
); attr
; attr
= ippNextAttribute(response
))
706 if (ippGetGroupTag(attr
) != IPP_TAG_PRINTER
)
709 if ((name
= ippGetName(attr
)) == NULL
)
712 ippAttributeString(attr
, value
, sizeof(value
));
713 printf(" %s=%s\n", name
, value
);
726 * 'usage()' - Show program usage.
732 puts("Usage: ./tlscheck [options] server [port]");
733 puts(" ./tlscheck [options] ipps://server[:port]/path");
736 puts(" --dh Allow DH/DHE key exchange");
737 puts(" --no-cbc Disable CBC cipher suites");
738 puts(" --no-tls10 Disable TLS/1.0");
739 puts(" --rc4 Allow RC4 encryption");
740 puts(" --tls10 Only use TLS/1.0");
741 puts(" --verbose Be verbose");
742 puts(" -4 Connect using IPv4 addresses only");
743 puts(" -6 Connect using IPv6 addresses only");
744 puts(" -v Be verbose");
746 puts("The default port is 631.");
750 #endif /* !HAVE_SSL */