Add "-4" and "-6" options to tlscheck.
1 /*
2 * "$Id$"
3 *
4 * TLS check program for CUPS.
5 *
6 * Copyright 2007-2015 by Apple Inc.
7 * Copyright 1997-2006 by Easy Software Products.
8 *
9 * These coded instructions, statements, and computer programs are the
10 * property of Apple Inc. and are protected by Federal copyright
11 * law. Distribution and use rights are outlined in the file "LICENSE.txt"
12 * which should have been included with this file. If this file is
13 * file is missing or damaged, see the license at "http://www.cups.org/".
14 *
15 * This file is subject to the Apple OS-Developed Software exception.
16 */
17
18 /*
19 * Include necessary headers...
20 */
21
22 #include "cups-private.h"
23
24
25 #ifndef HAVE_SSL
/*
 * 'main()' - Fallback entry point used when CUPS was built without TLS.
 *
 * Prints a notice and reports failure so that callers do not mistake a
 * build without TLS support for a successful check.
 */

int					/* O - Exit status (always 1) */
main(void)
{
  puts("Sorry, no TLS support compiled in.");

  return (1);
}
27 #else
28
29 /*
30 * Local functions...
31 */
32
33 static void usage(void);
34
35
36 /*
37 * 'main()' - Main entry.
38 */
39
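#ifdef __APPLE__
/*
 * Table of the cipher suites this program can name.  Each entry also records
 * whether a failure to fetch Diffie-Hellman parameters for that suite is
 * reported as an error.
 */

typedef struct tlscheck_cipher_s	/**** Known cipher suite ****/
{
  SSLCipherSuite	cipher;		/* Negotiated cipher suite value */
  const char		*name;		/* Name reported to the user */
  int			params_needed;	/* 1 = missing DH parameters is an error */
} tlscheck_cipher_t;

/* The reported name is the constant's own spelling, so the two cannot drift. */
#  define TLSCHECK_CIPHER(suite, dh) { suite, #suite, dh }

static const tlscheck_cipher_t tlscheck_ciphers[] =
{
  TLSCHECK_CIPHER(TLS_NULL_WITH_NULL_NULL, 0),
  TLSCHECK_CIPHER(TLS_RSA_WITH_NULL_MD5, 0),
  TLSCHECK_CIPHER(TLS_RSA_WITH_NULL_SHA, 0),
  TLSCHECK_CIPHER(TLS_RSA_WITH_RC4_128_MD5, 0),
  TLSCHECK_CIPHER(TLS_RSA_WITH_RC4_128_SHA, 0),
  TLSCHECK_CIPHER(TLS_RSA_WITH_3DES_EDE_CBC_SHA, 0),
  TLSCHECK_CIPHER(TLS_RSA_WITH_NULL_SHA256, 0),
  TLSCHECK_CIPHER(TLS_RSA_WITH_AES_128_CBC_SHA256, 0),
  TLSCHECK_CIPHER(TLS_RSA_WITH_AES_256_CBC_SHA256, 0),
  TLSCHECK_CIPHER(TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA, 1),
  TLSCHECK_CIPHER(TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA, 1),
  TLSCHECK_CIPHER(TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA, 1),
  TLSCHECK_CIPHER(TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA, 1),
  TLSCHECK_CIPHER(TLS_DH_DSS_WITH_AES_128_CBC_SHA256, 1),
  TLSCHECK_CIPHER(TLS_DH_RSA_WITH_AES_128_CBC_SHA256, 1),
  TLSCHECK_CIPHER(TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, 1),
  TLSCHECK_CIPHER(TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, 1),
  TLSCHECK_CIPHER(TLS_DH_DSS_WITH_AES_256_CBC_SHA256, 1),
  TLSCHECK_CIPHER(TLS_DH_RSA_WITH_AES_256_CBC_SHA256, 1),
  TLSCHECK_CIPHER(TLS_DHE_DSS_WITH_AES_256_CBC_SHA256, 1),
  TLSCHECK_CIPHER(TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, 1),
  TLSCHECK_CIPHER(TLS_DH_anon_WITH_RC4_128_MD5, 1),
  TLSCHECK_CIPHER(TLS_DH_anon_WITH_3DES_EDE_CBC_SHA, 1),
  TLSCHECK_CIPHER(TLS_DH_anon_WITH_AES_128_CBC_SHA256, 1),
  TLSCHECK_CIPHER(TLS_DH_anon_WITH_AES_256_CBC_SHA256, 1),
  TLSCHECK_CIPHER(TLS_PSK_WITH_RC4_128_SHA, 0),
  TLSCHECK_CIPHER(TLS_PSK_WITH_3DES_EDE_CBC_SHA, 0),
  TLSCHECK_CIPHER(TLS_PSK_WITH_AES_128_CBC_SHA, 0),
  TLSCHECK_CIPHER(TLS_PSK_WITH_AES_256_CBC_SHA, 0),
  TLSCHECK_CIPHER(TLS_DHE_PSK_WITH_RC4_128_SHA, 1),
  TLSCHECK_CIPHER(TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA, 1),
  TLSCHECK_CIPHER(TLS_DHE_PSK_WITH_AES_128_CBC_SHA, 1),
  TLSCHECK_CIPHER(TLS_DHE_PSK_WITH_AES_256_CBC_SHA, 1),
  TLSCHECK_CIPHER(TLS_RSA_PSK_WITH_RC4_128_SHA, 0),
  TLSCHECK_CIPHER(TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA, 0),
  TLSCHECK_CIPHER(TLS_RSA_PSK_WITH_AES_128_CBC_SHA, 0),
  TLSCHECK_CIPHER(TLS_RSA_PSK_WITH_AES_256_CBC_SHA, 0),
  TLSCHECK_CIPHER(TLS_PSK_WITH_NULL_SHA, 0),
  TLSCHECK_CIPHER(TLS_DHE_PSK_WITH_NULL_SHA, 1),
  TLSCHECK_CIPHER(TLS_RSA_PSK_WITH_NULL_SHA, 0),
  TLSCHECK_CIPHER(TLS_RSA_WITH_AES_128_GCM_SHA256, 0),
  TLSCHECK_CIPHER(TLS_RSA_WITH_AES_256_GCM_SHA384, 0),
  TLSCHECK_CIPHER(TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, 1),
  TLSCHECK_CIPHER(TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, 1),
  TLSCHECK_CIPHER(TLS_DH_RSA_WITH_AES_128_GCM_SHA256, 1),
  TLSCHECK_CIPHER(TLS_DH_RSA_WITH_AES_256_GCM_SHA384, 1),
  TLSCHECK_CIPHER(TLS_DHE_DSS_WITH_AES_128_GCM_SHA256, 1),
  TLSCHECK_CIPHER(TLS_DHE_DSS_WITH_AES_256_GCM_SHA384, 1),
  TLSCHECK_CIPHER(TLS_DH_DSS_WITH_AES_128_GCM_SHA256, 1),
  TLSCHECK_CIPHER(TLS_DH_DSS_WITH_AES_256_GCM_SHA384, 1),
  TLSCHECK_CIPHER(TLS_DH_anon_WITH_AES_128_GCM_SHA256, 1),
  TLSCHECK_CIPHER(TLS_DH_anon_WITH_AES_256_GCM_SHA384, 1),
  TLSCHECK_CIPHER(TLS_PSK_WITH_AES_128_GCM_SHA256, 0),
  TLSCHECK_CIPHER(TLS_PSK_WITH_AES_256_GCM_SHA384, 0),
  TLSCHECK_CIPHER(TLS_DHE_PSK_WITH_AES_128_GCM_SHA256, 1),
  TLSCHECK_CIPHER(TLS_DHE_PSK_WITH_AES_256_GCM_SHA384, 1),
  TLSCHECK_CIPHER(TLS_RSA_PSK_WITH_AES_128_GCM_SHA256, 0),
  TLSCHECK_CIPHER(TLS_RSA_PSK_WITH_AES_256_GCM_SHA384, 0),
  TLSCHECK_CIPHER(TLS_PSK_WITH_AES_128_CBC_SHA256, 0),
  TLSCHECK_CIPHER(TLS_PSK_WITH_AES_256_CBC_SHA384, 0),
  TLSCHECK_CIPHER(TLS_PSK_WITH_NULL_SHA256, 0),
  TLSCHECK_CIPHER(TLS_PSK_WITH_NULL_SHA384, 0),
  TLSCHECK_CIPHER(TLS_DHE_PSK_WITH_AES_128_CBC_SHA256, 1),
  TLSCHECK_CIPHER(TLS_DHE_PSK_WITH_AES_256_CBC_SHA384, 1),
  TLSCHECK_CIPHER(TLS_DHE_PSK_WITH_NULL_SHA256, 1),
  TLSCHECK_CIPHER(TLS_DHE_PSK_WITH_NULL_SHA384, 1),
  TLSCHECK_CIPHER(TLS_RSA_PSK_WITH_AES_128_CBC_SHA256, 0),
  TLSCHECK_CIPHER(TLS_RSA_PSK_WITH_AES_256_CBC_SHA384, 0),
  TLSCHECK_CIPHER(TLS_RSA_PSK_WITH_NULL_SHA256, 0),
  TLSCHECK_CIPHER(TLS_RSA_PSK_WITH_NULL_SHA384, 0),
  TLSCHECK_CIPHER(TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, 1),
  TLSCHECK_CIPHER(TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, 1),
  TLSCHECK_CIPHER(TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256, 1),
  TLSCHECK_CIPHER(TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384, 1),
  TLSCHECK_CIPHER(TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, 1),
  TLSCHECK_CIPHER(TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, 1),
  TLSCHECK_CIPHER(TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256, 1),
  TLSCHECK_CIPHER(TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384, 1),
  TLSCHECK_CIPHER(TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, 1),
  TLSCHECK_CIPHER(TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, 1),
  TLSCHECK_CIPHER(TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, 1),
  TLSCHECK_CIPHER(TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384, 1),
  TLSCHECK_CIPHER(TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, 1),
  TLSCHECK_CIPHER(TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, 1),
  TLSCHECK_CIPHER(TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256, 1),
  TLSCHECK_CIPHER(TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384, 1),
  TLSCHECK_CIPHER(TLS_RSA_WITH_AES_128_CBC_SHA, 0),
  TLSCHECK_CIPHER(TLS_DH_DSS_WITH_AES_128_CBC_SHA, 1),
  TLSCHECK_CIPHER(TLS_DH_RSA_WITH_AES_128_CBC_SHA, 1),
  TLSCHECK_CIPHER(TLS_DHE_DSS_WITH_AES_128_CBC_SHA, 1),
  TLSCHECK_CIPHER(TLS_DHE_RSA_WITH_AES_128_CBC_SHA, 1),
  TLSCHECK_CIPHER(TLS_DH_anon_WITH_AES_128_CBC_SHA, 1),
  TLSCHECK_CIPHER(TLS_RSA_WITH_AES_256_CBC_SHA, 0),
  TLSCHECK_CIPHER(TLS_DH_DSS_WITH_AES_256_CBC_SHA, 1),
  TLSCHECK_CIPHER(TLS_DH_RSA_WITH_AES_256_CBC_SHA, 1),
  TLSCHECK_CIPHER(TLS_DHE_DSS_WITH_AES_256_CBC_SHA, 1),
  TLSCHECK_CIPHER(TLS_DHE_RSA_WITH_AES_256_CBC_SHA, 1),
  TLSCHECK_CIPHER(TLS_DH_anon_WITH_AES_256_CBC_SHA, 1),
  TLSCHECK_CIPHER(TLS_ECDH_ECDSA_WITH_NULL_SHA, 1),
  TLSCHECK_CIPHER(TLS_ECDH_ECDSA_WITH_RC4_128_SHA, 1),
  TLSCHECK_CIPHER(TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, 1),
  TLSCHECK_CIPHER(TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, 1),
  TLSCHECK_CIPHER(TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, 1),
  TLSCHECK_CIPHER(TLS_ECDHE_ECDSA_WITH_NULL_SHA, 1),
  TLSCHECK_CIPHER(TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, 1),
  TLSCHECK_CIPHER(TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, 1),
  TLSCHECK_CIPHER(TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, 1),
  TLSCHECK_CIPHER(TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, 1),
  TLSCHECK_CIPHER(TLS_ECDH_RSA_WITH_NULL_SHA, 1),
  TLSCHECK_CIPHER(TLS_ECDH_RSA_WITH_RC4_128_SHA, 1),
  TLSCHECK_CIPHER(TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, 1),
  TLSCHECK_CIPHER(TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, 1),
  TLSCHECK_CIPHER(TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, 1),
  TLSCHECK_CIPHER(TLS_ECDHE_RSA_WITH_NULL_SHA, 1),
  TLSCHECK_CIPHER(TLS_ECDHE_RSA_WITH_RC4_128_SHA, 1),
  TLSCHECK_CIPHER(TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, 1),
  TLSCHECK_CIPHER(TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, 1),
  TLSCHECK_CIPHER(TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, 1),
  TLSCHECK_CIPHER(TLS_ECDH_anon_WITH_NULL_SHA, 1),
  TLSCHECK_CIPHER(TLS_ECDH_anon_WITH_RC4_128_SHA, 1),
  TLSCHECK_CIPHER(TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA, 1),
  TLSCHECK_CIPHER(TLS_ECDH_anon_WITH_AES_128_CBC_SHA, 1),
  TLSCHECK_CIPHER(TLS_ECDH_anon_WITH_AES_256_CBC_SHA, 1)
};


/*
 * 'tlscheck_find_cipher()' - Look up a negotiated cipher suite.
 */

static const tlscheck_cipher_t *	/* O - Table entry or NULL if unknown */
tlscheck_find_cipher(
    SSLCipherSuite cipher)		/* I - Negotiated cipher suite */
{
  size_t	i;			/* Looping var */


  for (i = 0; i < (sizeof(tlscheck_ciphers) / sizeof(tlscheck_ciphers[0])); i ++)
  {
    if (tlscheck_ciphers[i].cipher == cipher)
      return (tlscheck_ciphers + i);
  }

  return (NULL);
}
#endif /* __APPLE__ */


/*
 * 'main()' - Connect to a server with TLS and report what was negotiated.
 *
 * Parses the options, opens an always-encrypted connection, and (on macOS)
 * reports the negotiated protocol version, cipher suite, and Diffie-Hellman
 * parameter size.  With --verbose/-v it also prints selected printer
 * attributes.  Returns 0 when the checks pass and 1 on any error.
 */

int					/* O - Exit status */
main(int  argc,				/* I - Number of command-line arguments */
     char *argv[])			/* I - Command-line arguments */
{
  int		i;			/* Looping var */
  http_t	*http;			/* HTTP connection */
  const char	*server = NULL;		/* Hostname from command-line */
  int		port = 0;		/* Port number */
  const char	*cipherName = "UNKNOWN";/* Cipher suite name */
  int		dhBits = 0;		/* Diffie-Hellman bits */
  int		tlsVersion = 0;		/* TLS version number */
  char		uri[1024],		/* Printer URI */
		scheme[32],		/* URI scheme */
		host[256],		/* Hostname */
		userpass[256],		/* Username/password */
		resource[256];		/* Resource path */
  int		af = AF_UNSPEC,		/* Address family */
		tls_options = _HTTP_TLS_NONE,
					/* TLS options */
		verbose = 0;		/* Verbosity */
  ipp_t		*request,		/* IPP Get-Printer-Attributes request */
		*response;		/* IPP Get-Printer-Attributes response */
  ipp_attribute_t *attr;		/* Current attribute */
  const char	*name;			/* Attribute name */
  char		value[1024];		/* Attribute (string) value */
  static const char * const pattrs[] =	/* Requested attributes */
  {
    "color-supported",
    "compression-supported",
    "document-format-supported",
    "pages-per-minute",
    "printer-location",
    "printer-make-and-model",
    "printer-state",
    "printer-state-reasons",
    "sides-supported",
    "uri-authentication-supported",
    "uri-security-supported"
  };


 /*
  * Parse the command-line: options first, then the server (hostname or
  * ipps:// URI), then an optional port written as "NNN" or "=NNN".
  */

  for (i = 1; i < argc; i ++)
  {
    if (!strcmp(argv[i], "--dh"))
    {
      tls_options |= _HTTP_TLS_ALLOW_DH;
    }
    else if (!strcmp(argv[i], "--no-tls10"))
    {
      tls_options |= _HTTP_TLS_DENY_TLS10;
    }
    else if (!strcmp(argv[i], "--rc4"))
    {
      tls_options |= _HTTP_TLS_ALLOW_RC4;
    }
    else if (!strcmp(argv[i], "--verbose") || !strcmp(argv[i], "-v"))
    {
      verbose = 1;
    }
    else if (!strcmp(argv[i], "-4"))
    {
      af = AF_INET;
    }
    else if (!strcmp(argv[i], "-6"))
    {
      af = AF_INET6;
    }
    else if (argv[i][0] == '-')
    {
      printf("tlscheck: Unknown option '%s'.\n", argv[i]);
      usage();
    }
    else if (!server)
    {
      if (!strncmp(argv[i], "ipps://", 7))
      {
       /*
        * httpSeparateURI() reports failures as negative http_uri_status_t
        * values; refuse to continue with a host buffer it could not fill
        * in properly.
        */

        if (httpSeparateURI(HTTP_URI_CODING_ALL, argv[i], scheme, sizeof(scheme), userpass, sizeof(userpass), host, sizeof(host), &port, resource, sizeof(resource)) < 0)
        {
          printf("tlscheck: Bad URI '%s'.\n", argv[i]);
          usage();
        }

        server = host;
      }
      else
      {
        server = argv[i];
        strlcpy(resource, "/ipp/print", sizeof(resource));
      }
    }
    else if (!port && (argv[i][0] == '=' || isdigit(argv[i][0] & 255)))
    {
      if (argv[i][0] == '=')
	port = atoi(argv[i] + 1);
      else
	port = atoi(argv[i]);
    }
    else
    {
      printf("tlscheck: Unexpected argument '%s'.\n", argv[i]);
      usage();
    }
  }

  if (!server)
    usage();

  if (!port)
    port = 631;

 /*
  * Apply the requested TLS policy and connect with encryption required...
  */

  _httpTLSSetOptions(tls_options);

  http = httpConnect2(server, port, NULL, af, HTTP_ENCRYPTION_ALWAYS, 1, 30000, NULL);
  if (!http)
  {
    printf("%s: ERROR (%s)\n", server, cupsLastErrorString());
    return (1);
  }

#ifdef __APPLE__
  SSLProtocol	protocol;		/* Negotiated protocol */
  SSLCipherSuite cipher;		/* Negotiated cipher suite */
  char		unknownCipherName[256];	/* Name for suites not in the table */
  int		paramsNeeded = 0;	/* Is a DH parameter failure an error? */
  const tlscheck_cipher_t *known;	/* Matching table entry, if any */
  const void	*params = NULL;		/* Diffie-Hellman parameters */
  size_t	paramsLen = 0;		/* Length of parameters in bytes */
  OSStatus	err;			/* Secure Transport status */

  if ((err = SSLGetNegotiatedProtocolVersion(http->tls, &protocol)) != noErr)
  {
    printf("%s: ERROR (No protocol version - %d)\n", server, (int)err);
    httpClose(http);
    return (1);
  }

 /*
  * tlsVersion is major * 10 + minor; it is printed as "major.minor" below.
  */

  switch (protocol)
  {
    default :
        tlsVersion = 0;
        break;
    case kSSLProtocol3 :
        tlsVersion = 30;
        break;
    case kTLSProtocol1 :
        tlsVersion = 10;
        break;
    case kTLSProtocol11 :
        tlsVersion = 11;
        break;
    case kTLSProtocol12 :
        tlsVersion = 12;
        break;
  }

  if ((err = SSLGetNegotiatedCipher(http->tls, &cipher)) != noErr)
  {
    printf("%s: ERROR (No cipher suite - %d)\n", server, (int)err);
    httpClose(http);
    return (1);
  }

  if ((known = tlscheck_find_cipher(cipher)) != NULL)
  {
    cipherName   = known->name;
    paramsNeeded = known->params_needed;
  }
  else
  {
    snprintf(unknownCipherName, sizeof(unknownCipherName), "UNKNOWN_%04X", (unsigned)cipher);
    cipherName = unknownCipherName;
  }

 /*
  * Reject every RC4 suite in the table, not only the two RSA ones: the
  * message states that no RC4 suite may be negotiated, and the table also
  * names DH_anon, PSK, and ECDH(E) RC4 suites.
  */

  if (strstr(cipherName, "_RC4_"))
  {
    printf("%s: ERROR (Printers MUST NOT negotiate RC4 cipher suites.)\n", server);
    httpClose(http);
    return (1);
  }

  if ((err = SSLGetDiffieHellmanParams(http->tls, &params, &paramsLen)) != noErr)
  {
    if (paramsNeeded)
    {
      printf("%s: ERROR (Unable to get Diffie-Hellman parameters - %d)\n", server, (int)err);
      httpClose(http);
      return (1);
    }

   /*
    * The call failed, so do not trust whatever length it left behind...
    */

    paramsLen = 0;
  }

 /*
  * NOTE(review): the message below demands 2048 bits, but this comparison
  * only rejects lengths under 128 bytes (1024 bits), so a 1024-bit group is
  * reported as OK.  Confirm the intended minimum and whether paramsLen is
  * the size of the prime or of an encoded parameter blob before changing it.
  */

  if (paramsLen < 128 && paramsLen != 0)
  {
    printf("%s: ERROR (Diffie-Hellman parameters MUST be at least 2048 bits, but Printer uses only %d bits/%d bytes)\n", server, (int)paramsLen * 8, (int)paramsLen);
    httpClose(http);
    return (1);
  }

  dhBits = (int)paramsLen * 8;
#endif /* __APPLE__ */

  if (dhBits > 0)
    printf("%s: OK (TLS: %d.%d, %s, %d DH bits)\n", server, tlsVersion / 10, tlsVersion % 10, cipherName, dhBits);
  else
    printf("%s: OK (TLS: %d.%d, %s)\n", server, tlsVersion / 10, tlsVersion % 10, cipherName);

  if (verbose)
  {
   /*
    * Build the printer URI from "server": "host" is only filled in when an
    * ipps:// URI was given, and is uninitialized for a bare hostname.
    */

    httpAssembleURI(HTTP_URI_CODING_ALL, uri, sizeof(uri), "ipps", NULL, server, port, resource);
    request = ippNewRequest(IPP_OP_GET_PRINTER_ATTRIBUTES);
    ippAddString(request, IPP_TAG_OPERATION, IPP_TAG_URI, "printer-uri", NULL, uri);
    ippAddString(request, IPP_TAG_OPERATION, IPP_TAG_NAME, "requesting-user-name", NULL, cupsUser());
    ippAddStrings(request, IPP_TAG_OPERATION, IPP_TAG_KEYWORD, "requested-attributes", (int)(sizeof(pattrs) / sizeof(pattrs[0])), NULL, pattrs);

    response = cupsDoRequest(http, request, resource);

   /*
    * Only printer-group attributes that have a name are printed...
    */

    for (attr = ippFirstAttribute(response); attr; attr = ippNextAttribute(response))
    {
      if (ippGetGroupTag(attr) != IPP_TAG_PRINTER)
        continue;

      if ((name = ippGetName(attr)) == NULL)
        continue;

      ippAttributeString(attr, value, sizeof(value));
      printf(" %s=%s\n", name, value);
    }

    ippDelete(response);
  }

  httpClose(http);

  return (0);
}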
720
721
722 /*
723 * 'usage()' - Show program usage.
724 */
725
static void
usage(void)
{
  size_t	i;			/* Looping var */
  static const char * const lines[] =	/* Help text, one entry per output line */
  {
    "Usage: ./tlscheck [options] server [port]",
    " ./tlscheck [options] ipps://server[:port]/path",
    "",
    "Options:",
    " --dh Allow DH/DHE key exchange",
    " --no-tls10 Disable TLS/1.0",
    " --rc4 Allow RC4 encryption",
    " --verbose Be verbose",
    " -4 Connect using IPv4 addresses only",
    " -6 Connect using IPv6 addresses only",
    " -v Be verbose",
    "",
    "The default port is 631."
  };


 /*
  * Write the help text to stdout, then exit with status 1; this function
  * never returns to its caller.
  */

  for (i = 0; i < (sizeof(lines) / sizeof(lines[0])); i ++)
    puts(lines[i]);

  exit(1);
}
745 #endif /* !HAVE_SSL */
746
747
748 /*
749 * End of "$Id$".
750 */