.\"
.\" cupsd.conf man page for CUPS.
.\"
-.\" Copyright 2007-2017 by Apple Inc.
-.\" Copyright 1997-2006 by Easy Software Products.
+.\" Copyright © 2007-2018 by Apple Inc.
+.\" Copyright © 1997-2006 by Easy Software Products.
.\"
.\" These coded instructions, statements, and computer programs are the
.\" property of Apple Inc. and are protected by Federal copyright
.\" which should have been included with this file. If this file is
.\" file is missing or damaged, see the license at "http://www.cups.org/".
.\"
-.TH cupsd.conf 5 "CUPS" "21 June 2016" "Apple Inc."
+.TH cupsd.conf 5 "CUPS" "24 April 2018" "Apple Inc."
.SH NAME
cupsd.conf \- server configuration file for cups
.SH DESCRIPTION
.br
Specifies whether shared printers are advertised.
The default is "No".
-.\"#Classification
-.TP 5
-\fBClassification \fIbanner\fR
-.br
-Specifies the security classification of the server.
-Any valid banner name can be used, including "classified", "confidential", "secret", "topsecret", and "unclassified", or the banner can be omitted to disable secure printing functions.
-The default is no classification banner.
-.\"#ClassifyOverride
-.TP 5
-\fBClassifyOverride Yes\fR
-.TP 5
-\fBClassifyOverride No\fR
-.br
-Specifies whether users may override the classification (cover page) of individual print jobs using the "job-sheets" option.
-The default is "No".
.\"#DefaultAuthType
.TP 5
\fBDefaultAuthType Basic\fR
\fBErrorPolicy abort-job\fR
Specifies that a failed print job should be aborted (discarded) unless otherwise specified for the printer.
.TP 5
+\fBErrorPolicy retry-current-job\fR
+Specifies that a failed print job should be retried immediately unless otherwise specified for the printer.
+.TP 5
\fBErrorPolicy retry-job\fR
Specifies that a failed print job should be retried at a later time unless otherwise specified for the printer.
.TP 5
-\fBErrorPolicy retry-this-job\fR
-Specifies that a failed print job should be retried immediately unless otherwise specified for the printer.
-.TP 5
\fBErrorPolicy stop-printer\fR
Specifies that a failed print job should stop the printer unless otherwise specified for the printer. The 'stop-printer' error policy is the default.
.\"#FilterLimit
\fBMultipleOperationTimeout \fIseconds\fR
Specifies the maximum amount of time to allow between files in a multiple file print job.
The default is "300" (5 minutes).
-.\"#PageLogFormat
-.TP 5
-\fBPageLogFormat \fIformat-string\fR
-Specifies the format of PageLog lines.
-Sequences beginning with percent (%) characters are replaced with the corresponding information, while all other characters are copied literally.
-The following percent sequences are recognized:
-.nf
-
- "%%" inserts a single percent character.
- "%{name}" inserts the value of the specified IPP attribute.
- "%C" inserts the number of copies for the current page.
- "%P" inserts the current page number.
- "%T" inserts the current date and time in common log format.
- "%j" inserts the job ID.
- "%p" inserts the printer name.
- "%u" inserts the username.
-
-.fi
-The default is the empty string, which disables page logging.
-The string "%p %u %j %T %P %C %{job-billing} %{job-originating-host-name} %{job-name} %{media} %{sides}" creates a page log with the standard items.
.\"#PassEnv
.TP 5
\fBPassEnv \fIvariable \fR[ ... \fIvariable \fR]
\fBReloadTimeout \fIseconds\fR
Specifies the amount of time to wait for job completion before restarting the scheduler.
The default is "30".
-.\"#RIPCache
-.TP 5
-\fBRIPCache \fIsize\fR
-Specifies the maximum amount of memory to use when converting documents into bitmaps for a printer.
-The default is "128m".
.\"#ServerAdmin
.TP 5
\fBServerAdmin \fIemail-address\fR
Listens on the specified address and port for encrypted connections.
.\"#SSLOptions
.TP 5
-\fBSSLOptions \fR[\fIAllowRC4\fR] [\fIAllowSSL3\fR]
+\fBSSLOptions \fR[\fIAllowDH\fR] [\fIAllowRC4\fR] [\fIAllowSSL3\fR] [\fIDenyCBC\fR] [\fIDenyTLS1.0\fR]
.TP 5
\fBSSLOptions None\fR
Sets encryption options.
By default, CUPS only supports encryption using TLS v1.0 or higher using known secure cipher suites.
-The \fIAllowRC4\fR option enables the 128-bit RC4 cipher suites, which are required for some older clients that do not implement newer ones.
+Security is reduced when \fIAllow\fR options are used.
+Security is enhanced when \fIDeny\fR options are used.
+The \fIAllowDH\fR option enables cipher suites using plain Diffie-Hellman key negotiation (not supported on systems using GNU TLS).
+The \fIAllowRC4\fR option enables the 128-bit RC4 cipher suites, which are required for some older clients.
The \fIAllowSSL3\fR option enables SSL v3.0, which is required for some older clients that do not support TLS v1.0.
+The \fIDenyCBC\fR option disables all CBC cipher suites.
+The \fIDenyTLS1.0\fR option disables TLS v1.0 support - this sets the minimum protocol version to TLS v1.1.
.\"#SSLPort
.TP 5
\fBSSLPort \fIport\fR
\fBSubscriptionPrivateValues \fIattribute-name \fR[ ... \fIattribute-name \fR]
Specifies the list of subscription values to make private.
The "default" values are "notify-events", "notify-pull-method", "notify-recipient-uri", "notify-subscriber-user-name", and "notify-user-data".
+.SS DEPRECATED DIRECTIVES
+The following directives are deprecated and will be removed in a future release of CUPS:
+.\"#Classification
+.TP 5
+\fBClassification \fIbanner\fR
+.br
+Specifies the security classification of the server.
+Any valid banner name can be used, including "classified", "confidential", "secret", "topsecret", and "unclassified", or the banner can be omitted to disable secure printing functions.
+The default is no classification banner.
+.\"#ClassifyOverride
+.TP 5
+\fBClassifyOverride Yes\fR
+.TP 5
+\fBClassifyOverride No\fR
+.br
+Specifies whether users may override the classification (cover page) of individual print jobs using the "job-sheets" option.
+The default is "No".
+.\"#PageLogFormat
+.TP 5
+\fBPageLogFormat \fIformat-string\fR
+Specifies the format of PageLog lines.
+Sequences beginning with percent (%) characters are replaced with the corresponding information, while all other characters are copied literally.
+The following percent sequences are recognized:
+.nf
+
+ "%%" inserts a single percent character.
+ "%{name}" inserts the value of the specified IPP attribute.
+ "%C" inserts the number of copies for the current page.
+ "%P" inserts the current page number.
+ "%T" inserts the current date and time in common log format.
+ "%j" inserts the job ID.
+ "%p" inserts the printer name.
+ "%u" inserts the username.
+
+.fi
+The default is the empty string, which disables page logging.
+The string "%p %u %j %T %P %C %{job-billing} %{job-originating-host-name} %{job-name} %{media} %{sides}" creates a page log with the standard items.
+.\"#RIPCache
+.TP 5
+\fBRIPCache \fIsize\fR
+Specifies the maximum amount of memory to use when converting documents into bitmaps for a printer.
+The default is "128m".
.SH CONFORMING TO
The \fBcupsd.conf\fR file format is based on the Apache HTTP Server configuration file format.
.SH EXAMPLES
.BR subscriptions.conf (5),
CUPS Online Help (http://localhost:631/help)
.SH COPYRIGHT
-Copyright \[co] 2007-2017 by Apple Inc.
+Copyright \[co] 2007-2018 by Apple Inc.