4 * TLS check program for CUPS.
6 * Copyright 2007-2015 by Apple Inc.
7 * Copyright 1997-2006 by Easy Software Products.
9 * These coded instructions, statements, and computer programs are the
10 * property of Apple Inc. and are protected by Federal copyright
11 * law. Distribution and use rights are outlined in the file "LICENSE.txt"
12 * which should have been included with this file. If this file is
13 * file is missing or damaged, see the license at "http://www.cups.org/".
15 * This file is subject to the Apple OS-Developed Software exception.
19 * Include necessary headers...
22 #include "cups-private.h"
/*
 * 'main()' - Stub entry point for builds without TLS support.
 */

int					/* O - Exit status (always 1) */
main(void)
{
  /* Nothing can be checked without TLS, so say so and report failure. */
  puts("Sorry, no TLS support compiled in.");

  return (1);
}
33 static void usage(void);
37 * 'main()' - Main entry.
40 int /* O - Exit status */
41 main(int argc
, /* I - Number of command-line arguments */
42 char *argv
[]) /* I - Command-line arguments */
44 int i
; /* Looping var */
45 http_t
*http
; /* HTTP connection */
46 const char *server
= NULL
; /* Hostname from command-line */
47 int port
= 0; /* Port number */
48 const char *cipherName
= "UNKNOWN";/* Cipher suite name */
49 int dhBits
= 0; /* Diffie-Hellman bits */
50 int tlsVersion
= 0; /* TLS version number */
51 char uri
[1024], /* Printer URI */
52 scheme
[32], /* URI scheme */
53 host
[256], /* Hostname */
54 userpass
[256], /* Username/password */
55 resource
[256]; /* Resource path */
56 int af
= AF_UNSPEC
, /* Address family */
57 tls_options
= _HTTP_TLS_NONE
,
59 verbose
= 0; /* Verbosity */
60 ipp_t
*request
, /* IPP Get-Printer-Attributes request */
61 *response
; /* IPP Get-Printer-Attributes response */
62 ipp_attribute_t
*attr
; /* Current attribute */
63 const char *name
; /* Attribute name */
64 char value
[1024]; /* Attribute (string) value */
65 static const char * const pattrs
[] = /* Requested attributes */
68 "compression-supported",
69 "document-format-supported",
72 "printer-make-and-model",
74 "printer-state-reasons",
76 "uri-authentication-supported",
77 "uri-security-supported"
81 for (i
= 1; i
< argc
; i
++)
83 if (!strcmp(argv
[i
], "--dh"))
85 tls_options
|= _HTTP_TLS_ALLOW_DH
;
87 else if (!strcmp(argv
[i
], "--no-tls10"))
89 tls_options
|= _HTTP_TLS_DENY_TLS10
;
91 else if (!strcmp(argv
[i
], "--rc4"))
93 tls_options
|= _HTTP_TLS_ALLOW_RC4
;
95 else if (!strcmp(argv
[i
], "--verbose") || !strcmp(argv
[i
], "-v"))
99 else if (!strcmp(argv
[i
], "-4"))
103 else if (!strcmp(argv
[i
], "-6"))
107 else if (argv
[i
][0] == '-')
109 printf("tlscheck: Unknown option '%s'.\n", argv
[i
]);
114 if (!strncmp(argv
[i
], "ipps://", 7))
116 httpSeparateURI(HTTP_URI_CODING_ALL
, argv
[i
], scheme
, sizeof(scheme
), userpass
, sizeof(userpass
), host
, sizeof(host
), &port
, resource
, sizeof(resource
));
122 strlcpy(resource
, "/ipp/print", sizeof(resource
));
125 else if (!port
&& (argv
[i
][0] == '=' || isdigit(argv
[i
][0] & 255)))
127 if (argv
[i
][0] == '=')
128 port
= atoi(argv
[i
] + 1);
130 port
= atoi(argv
[i
]);
134 printf("tlscheck: Unexpected argument '%s'.\n", argv
[i
]);
145 _httpTLSSetOptions(tls_options
);
147 http
= httpConnect2(server
, port
, NULL
, af
, HTTP_ENCRYPTION_ALWAYS
, 1, 30000, NULL
);
150 printf("%s: ERROR (%s)\n", server
, cupsLastErrorString());
155 SSLProtocol protocol
;
156 SSLCipherSuite cipher
;
157 char unknownCipherName
[256];
158 int paramsNeeded
= 0;
163 if ((err
= SSLGetNegotiatedProtocolVersion(http
->tls
, &protocol
)) != noErr
)
165 printf("%s: ERROR (No protocol version - %d)\n", server
, (int)err
);
181 case kTLSProtocol11
:
184 case kTLSProtocol12
:
189 if ((err
= SSLGetNegotiatedCipher(http
->tls
, &cipher
)) != noErr
)
191 printf("%s: ERROR (No cipher suite - %d)\n", server
, (int)err
);
198 case TLS_NULL_WITH_NULL_NULL
:
199 cipherName
= "TLS_NULL_WITH_NULL_NULL";
201 case TLS_RSA_WITH_NULL_MD5
:
202 cipherName
= "TLS_RSA_WITH_NULL_MD5";
204 case TLS_RSA_WITH_NULL_SHA
:
205 cipherName
= "TLS_RSA_WITH_NULL_SHA";
207 case TLS_RSA_WITH_RC4_128_MD5
:
208 cipherName
= "TLS_RSA_WITH_RC4_128_MD5";
210 case TLS_RSA_WITH_RC4_128_SHA
:
211 cipherName
= "TLS_RSA_WITH_RC4_128_SHA";
213 case TLS_RSA_WITH_3DES_EDE_CBC_SHA
:
214 cipherName
= "TLS_RSA_WITH_3DES_EDE_CBC_SHA";
216 case TLS_RSA_WITH_NULL_SHA256
:
217 cipherName
= "TLS_RSA_WITH_NULL_SHA256";
219 case TLS_RSA_WITH_AES_128_CBC_SHA256
:
220 cipherName
= "TLS_RSA_WITH_AES_128_CBC_SHA256";
222 case TLS_RSA_WITH_AES_256_CBC_SHA256
:
223 cipherName
= "TLS_RSA_WITH_AES_256_CBC_SHA256";
225 case TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA
:
226 cipherName
= "TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA";
229 case TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA
:
230 cipherName
= "TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA";
233 case TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA
:
234 cipherName
= "TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA";
237 case TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
:
238 cipherName
= "TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA";
241 case TLS_DH_DSS_WITH_AES_128_CBC_SHA256
:
242 cipherName
= "TLS_DH_DSS_WITH_AES_128_CBC_SHA256";
245 case TLS_DH_RSA_WITH_AES_128_CBC_SHA256
:
246 cipherName
= "TLS_DH_RSA_WITH_AES_128_CBC_SHA256";
249 case TLS_DHE_DSS_WITH_AES_128_CBC_SHA256
:
250 cipherName
= "TLS_DHE_DSS_WITH_AES_128_CBC_SHA256";
253 case TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
:
254 cipherName
= "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256";
257 case TLS_DH_DSS_WITH_AES_256_CBC_SHA256
:
258 cipherName
= "TLS_DH_DSS_WITH_AES_256_CBC_SHA256";
261 case TLS_DH_RSA_WITH_AES_256_CBC_SHA256
:
262 cipherName
= "TLS_DH_RSA_WITH_AES_256_CBC_SHA256";
265 case TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
:
266 cipherName
= "TLS_DHE_DSS_WITH_AES_256_CBC_SHA256";
269 case TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
:
270 cipherName
= "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256";
273 case TLS_DH_anon_WITH_RC4_128_MD5
:
274 cipherName
= "TLS_DH_anon_WITH_RC4_128_MD5";
277 case TLS_DH_anon_WITH_3DES_EDE_CBC_SHA
:
278 cipherName
= "TLS_DH_anon_WITH_3DES_EDE_CBC_SHA";
281 case TLS_DH_anon_WITH_AES_128_CBC_SHA256
:
282 cipherName
= "TLS_DH_anon_WITH_AES_128_CBC_SHA256";
285 case TLS_DH_anon_WITH_AES_256_CBC_SHA256
:
286 cipherName
= "TLS_DH_anon_WITH_AES_256_CBC_SHA256";
289 case TLS_PSK_WITH_RC4_128_SHA
:
290 cipherName
= "TLS_PSK_WITH_RC4_128_SHA";
292 case TLS_PSK_WITH_3DES_EDE_CBC_SHA
:
293 cipherName
= "TLS_PSK_WITH_3DES_EDE_CBC_SHA";
295 case TLS_PSK_WITH_AES_128_CBC_SHA
:
296 cipherName
= "TLS_PSK_WITH_AES_128_CBC_SHA";
298 case TLS_PSK_WITH_AES_256_CBC_SHA
:
299 cipherName
= "TLS_PSK_WITH_AES_256_CBC_SHA";
301 case TLS_DHE_PSK_WITH_RC4_128_SHA
:
302 cipherName
= "TLS_DHE_PSK_WITH_RC4_128_SHA";
305 case TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA
:
306 cipherName
= "TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA";
309 case TLS_DHE_PSK_WITH_AES_128_CBC_SHA
:
310 cipherName
= "TLS_DHE_PSK_WITH_AES_128_CBC_SHA";
313 case TLS_DHE_PSK_WITH_AES_256_CBC_SHA
:
314 cipherName
= "TLS_DHE_PSK_WITH_AES_256_CBC_SHA";
317 case TLS_RSA_PSK_WITH_RC4_128_SHA
:
318 cipherName
= "TLS_RSA_PSK_WITH_RC4_128_SHA";
320 case TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA
:
321 cipherName
= "TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA";
323 case TLS_RSA_PSK_WITH_AES_128_CBC_SHA
:
324 cipherName
= "TLS_RSA_PSK_WITH_AES_128_CBC_SHA";
326 case TLS_RSA_PSK_WITH_AES_256_CBC_SHA
:
327 cipherName
= "TLS_RSA_PSK_WITH_AES_256_CBC_SHA";
329 case TLS_PSK_WITH_NULL_SHA
:
330 cipherName
= "TLS_PSK_WITH_NULL_SHA";
332 case TLS_DHE_PSK_WITH_NULL_SHA
:
333 cipherName
= "TLS_DHE_PSK_WITH_NULL_SHA";
336 case TLS_RSA_PSK_WITH_NULL_SHA
:
337 cipherName
= "TLS_RSA_PSK_WITH_NULL_SHA";
339 case TLS_RSA_WITH_AES_128_GCM_SHA256
:
340 cipherName
= "TLS_RSA_WITH_AES_128_GCM_SHA256";
342 case TLS_RSA_WITH_AES_256_GCM_SHA384
:
343 cipherName
= "TLS_RSA_WITH_AES_256_GCM_SHA384";
345 case TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
:
346 cipherName
= "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256";
349 case TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
:
350 cipherName
= "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384";
353 case TLS_DH_RSA_WITH_AES_128_GCM_SHA256
:
354 cipherName
= "TLS_DH_RSA_WITH_AES_128_GCM_SHA256";
357 case TLS_DH_RSA_WITH_AES_256_GCM_SHA384
:
358 cipherName
= "TLS_DH_RSA_WITH_AES_256_GCM_SHA384";
361 case TLS_DHE_DSS_WITH_AES_128_GCM_SHA256
:
362 cipherName
= "TLS_DHE_DSS_WITH_AES_128_GCM_SHA256";
365 case TLS_DHE_DSS_WITH_AES_256_GCM_SHA384
:
366 cipherName
= "TLS_DHE_DSS_WITH_AES_256_GCM_SHA384";
369 case TLS_DH_DSS_WITH_AES_128_GCM_SHA256
:
370 cipherName
= "TLS_DH_DSS_WITH_AES_128_GCM_SHA256";
373 case TLS_DH_DSS_WITH_AES_256_GCM_SHA384
:
374 cipherName
= "TLS_DH_DSS_WITH_AES_256_GCM_SHA384";
377 case TLS_DH_anon_WITH_AES_128_GCM_SHA256
:
378 cipherName
= "TLS_DH_anon_WITH_AES_128_GCM_SHA256";
381 case TLS_DH_anon_WITH_AES_256_GCM_SHA384
:
382 cipherName
= "TLS_DH_anon_WITH_AES_256_GCM_SHA384";
385 case TLS_PSK_WITH_AES_128_GCM_SHA256
:
386 cipherName
= "TLS_PSK_WITH_AES_128_GCM_SHA256";
388 case TLS_PSK_WITH_AES_256_GCM_SHA384
:
389 cipherName
= "TLS_PSK_WITH_AES_256_GCM_SHA384";
391 case TLS_DHE_PSK_WITH_AES_128_GCM_SHA256
:
392 cipherName
= "TLS_DHE_PSK_WITH_AES_128_GCM_SHA256";
395 case TLS_DHE_PSK_WITH_AES_256_GCM_SHA384
:
396 cipherName
= "TLS_DHE_PSK_WITH_AES_256_GCM_SHA384";
399 case TLS_RSA_PSK_WITH_AES_128_GCM_SHA256
:
400 cipherName
= "TLS_RSA_PSK_WITH_AES_128_GCM_SHA256";
402 case TLS_RSA_PSK_WITH_AES_256_GCM_SHA384
:
403 cipherName
= "TLS_RSA_PSK_WITH_AES_256_GCM_SHA384";
405 case TLS_PSK_WITH_AES_128_CBC_SHA256
:
406 cipherName
= "TLS_PSK_WITH_AES_128_CBC_SHA256";
408 case TLS_PSK_WITH_AES_256_CBC_SHA384
:
409 cipherName
= "TLS_PSK_WITH_AES_256_CBC_SHA384";
411 case TLS_PSK_WITH_NULL_SHA256
:
412 cipherName
= "TLS_PSK_WITH_NULL_SHA256";
414 case TLS_PSK_WITH_NULL_SHA384
:
415 cipherName
= "TLS_PSK_WITH_NULL_SHA384";
417 case TLS_DHE_PSK_WITH_AES_128_CBC_SHA256
:
418 cipherName
= "TLS_DHE_PSK_WITH_AES_128_CBC_SHA256";
421 case TLS_DHE_PSK_WITH_AES_256_CBC_SHA384
:
422 cipherName
= "TLS_DHE_PSK_WITH_AES_256_CBC_SHA384";
425 case TLS_DHE_PSK_WITH_NULL_SHA256
:
426 cipherName
= "TLS_DHE_PSK_WITH_NULL_SHA256";
429 case TLS_DHE_PSK_WITH_NULL_SHA384
:
430 cipherName
= "TLS_DHE_PSK_WITH_NULL_SHA384";
433 case TLS_RSA_PSK_WITH_AES_128_CBC_SHA256
:
434 cipherName
= "TLS_RSA_PSK_WITH_AES_128_CBC_SHA256";
436 case TLS_RSA_PSK_WITH_AES_256_CBC_SHA384
:
437 cipherName
= "TLS_RSA_PSK_WITH_AES_256_CBC_SHA384";
439 case TLS_RSA_PSK_WITH_NULL_SHA256
:
440 cipherName
= "TLS_RSA_PSK_WITH_NULL_SHA256";
442 case TLS_RSA_PSK_WITH_NULL_SHA384
:
443 cipherName
= "TLS_RSA_PSK_WITH_NULL_SHA384";
445 case TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
:
446 cipherName
= "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256";
449 case TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
:
450 cipherName
= "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384";
453 case TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
:
454 cipherName
= "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256";
457 case TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
:
458 cipherName
= "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384";
461 case TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
:
462 cipherName
= "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256";
465 case TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
:
466 cipherName
= "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384";
469 case TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
:
470 cipherName
= "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256";
473 case TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
:
474 cipherName
= "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384";
477 case TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
:
478 cipherName
= "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256";
481 case TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
:
482 cipherName
= "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384";
485 case TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256
:
486 cipherName
= "TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256";
489 case TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384
:
490 cipherName
= "TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384";
493 case TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
:
494 cipherName
= "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256";
497 case TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
:
498 cipherName
= "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384";
501 case TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256
:
502 cipherName
= "TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256";
505 case TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384
:
506 cipherName
= "TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384";
509 case TLS_RSA_WITH_AES_128_CBC_SHA
:
510 cipherName
= "TLS_RSA_WITH_AES_128_CBC_SHA";
512 case TLS_DH_DSS_WITH_AES_128_CBC_SHA
:
513 cipherName
= "TLS_DH_DSS_WITH_AES_128_CBC_SHA";
516 case TLS_DH_RSA_WITH_AES_128_CBC_SHA
:
517 cipherName
= "TLS_DH_RSA_WITH_AES_128_CBC_SHA";
520 case TLS_DHE_DSS_WITH_AES_128_CBC_SHA
:
521 cipherName
= "TLS_DHE_DSS_WITH_AES_128_CBC_SHA";
524 case TLS_DHE_RSA_WITH_AES_128_CBC_SHA
:
525 cipherName
= "TLS_DHE_RSA_WITH_AES_128_CBC_SHA";
528 case TLS_DH_anon_WITH_AES_128_CBC_SHA
:
529 cipherName
= "TLS_DH_anon_WITH_AES_128_CBC_SHA";
532 case TLS_RSA_WITH_AES_256_CBC_SHA
:
533 cipherName
= "TLS_RSA_WITH_AES_256_CBC_SHA";
535 case TLS_DH_DSS_WITH_AES_256_CBC_SHA
:
536 cipherName
= "TLS_DH_DSS_WITH_AES_256_CBC_SHA";
539 case TLS_DH_RSA_WITH_AES_256_CBC_SHA
:
540 cipherName
= "TLS_DH_RSA_WITH_AES_256_CBC_SHA";
543 case TLS_DHE_DSS_WITH_AES_256_CBC_SHA
:
544 cipherName
= "TLS_DHE_DSS_WITH_AES_256_CBC_SHA";
547 case TLS_DHE_RSA_WITH_AES_256_CBC_SHA
:
548 cipherName
= "TLS_DHE_RSA_WITH_AES_256_CBC_SHA";
551 case TLS_DH_anon_WITH_AES_256_CBC_SHA
:
552 cipherName
= "TLS_DH_anon_WITH_AES_256_CBC_SHA";
555 case TLS_ECDH_ECDSA_WITH_NULL_SHA
:
556 cipherName
= "TLS_ECDH_ECDSA_WITH_NULL_SHA";
559 case TLS_ECDH_ECDSA_WITH_RC4_128_SHA
:
560 cipherName
= "TLS_ECDH_ECDSA_WITH_RC4_128_SHA";
563 case TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
:
564 cipherName
= "TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA";
567 case TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
:
568 cipherName
= "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA";
571 case TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
:
572 cipherName
= "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA";
575 case TLS_ECDHE_ECDSA_WITH_NULL_SHA
:
576 cipherName
= "TLS_ECDHE_ECDSA_WITH_NULL_SHA";
579 case TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
:
580 cipherName
= "TLS_ECDHE_ECDSA_WITH_RC4_128_SHA";
583 case TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
:
584 cipherName
= "TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA";
587 case TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
:
588 cipherName
= "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA";
591 case TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
:
592 cipherName
= "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA";
595 case TLS_ECDH_RSA_WITH_NULL_SHA
:
596 cipherName
= "TLS_ECDH_RSA_WITH_NULL_SHA";
599 case TLS_ECDH_RSA_WITH_RC4_128_SHA
:
600 cipherName
= "TLS_ECDH_RSA_WITH_RC4_128_SHA";
603 case TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
:
604 cipherName
= "TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA";
607 case TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
:
608 cipherName
= "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA";
611 case TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
:
612 cipherName
= "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA";
615 case TLS_ECDHE_RSA_WITH_NULL_SHA
:
616 cipherName
= "TLS_ECDHE_RSA_WITH_NULL_SHA";
619 case TLS_ECDHE_RSA_WITH_RC4_128_SHA
:
620 cipherName
= "TLS_ECDHE_RSA_WITH_RC4_128_SHA";
623 case TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
:
624 cipherName
= "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA";
627 case TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
:
628 cipherName
= "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA";
631 case TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
:
632 cipherName
= "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA";
635 case TLS_ECDH_anon_WITH_NULL_SHA
:
636 cipherName
= "TLS_ECDH_anon_WITH_NULL_SHA";
639 case TLS_ECDH_anon_WITH_RC4_128_SHA
:
640 cipherName
= "TLS_ECDH_anon_WITH_RC4_128_SHA";
643 case TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA
:
644 cipherName
= "TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA";
647 case TLS_ECDH_anon_WITH_AES_128_CBC_SHA
:
648 cipherName
= "TLS_ECDH_anon_WITH_AES_128_CBC_SHA";
651 case TLS_ECDH_anon_WITH_AES_256_CBC_SHA
:
652 cipherName
= "TLS_ECDH_anon_WITH_AES_256_CBC_SHA";
656 snprintf(unknownCipherName
, sizeof(unknownCipherName
), "UNKNOWN_%04X", cipher
);
657 cipherName
= unknownCipherName
;
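/*
 * RC4 is prohibited in TLS (RFC 7465).  The original test covered only the two
 * RSA key-exchange RC4 suites, so a printer negotiating any other RC4 suite
 * named in this file's cipher-name cases was still reported as OK.  Every RC4
 * suite this file names is now rejected.
 */

if (cipher == TLS_RSA_WITH_RC4_128_MD5 ||
    cipher == TLS_RSA_WITH_RC4_128_SHA ||
    cipher == TLS_DH_anon_WITH_RC4_128_MD5 ||
    cipher == TLS_PSK_WITH_RC4_128_SHA ||
    cipher == TLS_DHE_PSK_WITH_RC4_128_SHA ||
    cipher == TLS_RSA_PSK_WITH_RC4_128_SHA ||
    cipher == TLS_ECDH_ECDSA_WITH_RC4_128_SHA ||
    cipher == TLS_ECDHE_ECDSA_WITH_RC4_128_SHA ||
    cipher == TLS_ECDH_RSA_WITH_RC4_128_SHA ||
    cipher == TLS_ECDHE_RSA_WITH_RC4_128_SHA ||
    cipher == TLS_ECDH_anon_WITH_RC4_128_SHA)
  printf("%s: ERROR (Printers MUST NOT negotiate RC4 cipher suites.)\n", server);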
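/*
 * Fetch the Diffie-Hellman parameters of the TLS session (http->tls).  A
 * failure is reported only when paramsNeeded is non-zero.
 *
 * The listing showed "&params" and "&paramsLen" with the leading "&para"
 * decoded as a pilcrow character; the address-of operators are restored here.
 */

if ((err = SSLGetDiffieHellmanParams(http->tls, &params, &paramsLen)) != noErr && paramsNeeded)
  printf("%s: ERROR (Unable to get Diffie-Hellman parameters - %d)\n", server, (int)err);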
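/*
 * Enforce the 2048-bit minimum that the message states: 2048 bits is 256
 * bytes.  The previous threshold of 128 bytes let parameters from 1024 bits
 * up to 2047 bits pass as OK, contradicting the message.  A length of 0 is
 * not reported (presumably no parameters were returned - confirm).
 *
 * NOTE(review): the message treats paramsLen as a byte count of the DH
 * parameters; confirm what SSLGetDiffieHellmanParams returns.  If the value
 * includes encoding overhead, a bound of 256 is still a necessary condition
 * for a 2048-bit group but may not be a sufficient one.
 */

if (paramsLen < 256 && paramsLen != 0)
  printf("%s: ERROR (Diffie-Hellman parameters MUST be at least 2048 bits, but Printer uses only %d bits/%d bytes)\n", server, (int)paramsLen * 8, (int)paramsLen);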
683 dhBits
= (int)paramsLen
* 8;
684 #endif /* __APPLE__ */
687 printf("%s: OK (TLS: %d.%d, %s, %d DH bits)\n", server
, tlsVersion
/ 10, tlsVersion
% 10, cipherName
, dhBits
);
689 printf("%s: OK (TLS: %d.%d, %s)\n", server
, tlsVersion
/ 10, tlsVersion
% 10, cipherName
);
/*
 * Build an IPP Get-Printer-Attributes request addressed to the "ipps" URI
 * assembled from host, port and resource, asking only for the attributes
 * listed in pattrs.  The local user name from cupsUser() is sent as
 * "requesting-user-name".
 */

httpAssembleURI(HTTP_URI_CODING_ALL, uri, sizeof(uri), "ipps", NULL, host,
                port, resource);

request = ippNewRequest(IPP_OP_GET_PRINTER_ATTRIBUTES);

ippAddString(request, IPP_TAG_OPERATION, IPP_TAG_URI, "printer-uri", NULL,
             uri);
ippAddString(request, IPP_TAG_OPERATION, IPP_TAG_NAME,
             "requesting-user-name", NULL, cupsUser());
ippAddStrings(request, IPP_TAG_OPERATION, IPP_TAG_KEYWORD,
              "requested-attributes",
              (int)(sizeof(pattrs) / sizeof(pattrs[0])), NULL, pattrs);

/* Send the request over the connection opened earlier and keep the reply. */
response = cupsDoRequest(http, request, resource);
701 for (attr
= ippFirstAttribute(response
); attr
; attr
= ippNextAttribute(response
))
703 if (ippGetGroupTag(attr
) != IPP_TAG_PRINTER
)
706 if ((name
= ippGetName(attr
)) == NULL
)
709 ippAttributeString(attr
, value
, sizeof(value
));
710 printf(" %s=%s\n", name
, value
);
723 * 'usage()' - Show program usage.
729 puts("Usage: ./tlscheck [options] server [port]");
730 puts(" ./tlscheck [options] ipps://server[:port]/path");
733 puts(" --dh Allow DH/DHE key exchange");
734 puts(" --no-tls10 Disable TLS/1.0");
735 puts(" --rc4 Allow RC4 encryption");
736 puts(" --verbose Be verbose");
737 puts(" -4 Connect using IPv4 addresses only");
738 puts(" -6 Connect using IPv6 addresses only");
739 puts(" -v Be verbose");
741 puts("The default port is 631.");
745 #endif /* !HAVE_SSL */