]> git.ipfire.org Git - thirdparty/cups.git/blame - doc/help/man-client.conf.html
Greatly simplify the man page handling.
[thirdparty/cups.git] / doc / help / man-client.conf.html
CommitLineData
c277f98c 1<!DOCTYPE HTML>
94436c5a
MS
2<html>
3<!-- SECTION: Man Pages -->
4<head>
5 <link rel="stylesheet" type="text/css" href="../cups-printable.css">
6 <title>client.conf(5)</title>
7</head>
8<body>
9<h1 class="title">client.conf(5)</h1>
10<h2 class="title"><a name="NAME">Name</a></h2>
87030afb 11client.conf - client configuration file for cups (deprecated on macos)
94436c5a 12<h2 class="title"><a name="DESCRIPTION">Description</a></h2>
651e0a22
MS
13The <b>client.conf</b> file configures the CUPS client and is normally located in the <i>/etc/cups</i> and/or <i>~/.cups</i> directories.
14Each line in the file can be a configuration directive, a blank line, or a comment. Comment lines start with the # character.
8072030b
MS
15<p><b>Note:</b> Starting with macOS 10.7, this file is only used by command-line and X11 applications plus the IPP backend.
16The <b>ServerName</b> directive is not supported on macOS at all.
17Starting with macOS 10.12, all applications can access these settings in the <i>/Library/Preferences/org.cups.PrintingPrefs.plist</i> file instead.
08d56b1f 18See the NOTES section below for more information.
651e0a22
MS
19<h3><a name="DIRECTIVES">Directives</a></h3>
20The following directives are understood by the client. Consult the online help for detailed descriptions:
2909c66c 21<dl class="man">
ddf95fe6
MS
22<dt><b>AllowAnyRoot Yes</b>
23<dd style="margin-left: 5.0em"><dt><b>AllowAnyRoot No</b>
651e0a22 24<dd style="margin-left: 5.0em">Specifies whether to allow TLS with certificates that have not been signed by a trusted Certificate Authority.
ddf95fe6
MS
25The default is "Yes".
26<dt><b>AllowExpiredCerts Yes</b>
27<dd style="margin-left: 5.0em"><dt><b>AllowExpiredCerts No</b>
651e0a22 28<dd style="margin-left: 5.0em">Specifies whether to allow TLS with expired certificates.
08d56b1f 29The default is "No".
651e0a22
MS
30<dt><b>Encryption IfRequested</b>
31<dd style="margin-left: 5.0em"><dt><b>Encryption Never</b>
32<dd style="margin-left: 5.0em"><dt><b>Encryption Required</b>
33<dd style="margin-left: 5.0em">Specifies the level of encryption that should be used.
34<dt><b>GSSServiceName </b><i>name</i>
35<dd style="margin-left: 5.0em">Specifies the Kerberos service name that is used for authentication, typically "host", "http", or "ipp".
36CUPS adds the remote hostname ("name@server.example.com") for you. The default name is "http".
37<dt><b>ServerName </b><i>hostname-or-ip-address</i>[<i>:port</i>]
38<dd style="margin-left: 5.0em"><dt><b>ServerName </b><i>/domain/socket</i>
39<dd style="margin-left: 5.0em">Specifies the address and optionally the port to use when connecting to the server.
47eb8d30 40<b>Note: This directive is not supported on macOS 10.7 or later.</b>
651e0a22
MS
41<dt><b>ServerName </b><i>hostname-or-ip-address</i>[<i>:port</i>]<b>/version=1.1</b>
42<dd style="margin-left: 5.0em">Specifies the address and optionally the port to use when connecting to a server running CUPS 1.3.12 and earlier.
dda99de9 43<dt><b>SSLOptions </b>[<i>AllowDH</i>] [<i>AllowRC4</i>] [<i>AllowSSL3</i>] [<i>DenyCBC</i>] [<i>DenyTLS1.0</i>] [<i>MaxTLS1.0</i>] [<i>MaxTLS1.1</i>] [<i>MaxTLS1.2</i>] [<i>MaxTLS1.3</i>] [<i>MinTLS1.0</i>] [<i>MinTLS1.1</i>] [<i>MinTLS1.2</i>] [<i>MinTLS1.3</i>]
63aefcd5
MS
44<dd style="margin-left: 5.0em"><dt><b>SSLOptions None</b>
45<dd style="margin-left: 5.0em">Sets encryption options (only in /etc/cups/client.conf).
46By default, CUPS only supports encryption using TLS v1.0 or higher using known secure cipher suites.
dda99de9
MS
47Security is reduced when <i>Allow</i> options are used.
48Security is enhanced when <i>Deny</i> options are used.
49The <i>AllowDH</i> option enables cipher suites using plain Diffie-Hellman key negotiation (not supported on systems using GNU TLS).
50The <i>AllowRC4</i> option enables the 128-bit RC4 cipher suites, which are required for some older clients.
63aefcd5 51The <i>AllowSSL3</i> option enables SSL v3.0, which is required for some older clients that do not support TLS v1.0.
345e10ca 52The <i>DenyCBC</i> option disables all CBC cipher suites.
c59e07c6 53The <i>DenyTLS1.0</i> option disables TLS v1.0 support - this sets the minimum protocol version to TLS v1.1.
dda99de9
MS
54The <i>MinTLS</i> options set the minimum TLS version to support.
55The <i>MaxTLS</i> options set the maximum TLS version to support.
56Not all operating systems support TLS 1.3 at this time.
08d56b1f
MS
57<dt><b>TrustOnFirstUse Yes</b>
58<dd style="margin-left: 5.0em"><dt><b>TrustOnFirstUse No</b>
59<dd style="margin-left: 5.0em">Specifies whether to trust new TLS certificates by default.
60The default is "Yes".
651e0a22
MS
61<dt><b>User </b><i>name</i>
62<dd style="margin-left: 5.0em">Specifies the default user name to use for requests.
dc84a5a4
MS
63<dt><a name="UserAgentTokens"></a><b>UserAgentTokens None</b>
64<dd style="margin-left: 5.0em"><dt><b>UserAgentTokens ProductOnly</b>
65<dd style="margin-left: 5.0em"><dt><b>UserAgentTokens Major</b>
66<dd style="margin-left: 5.0em"><dt><b>UserAgentTokens Minor</b>
67<dd style="margin-left: 5.0em"><dt><b>UserAgentTokens Minimal</b>
68<dd style="margin-left: 5.0em"><dt><b>UserAgentTokens OS</b>
69<dd style="margin-left: 5.0em"><dt><b>UserAgentTokens Full</b>
70<dd style="margin-left: 5.0em">Specifies what information is included in the User-Agent header of HTTP requests.
71"None" disables the User-Agent header.
72"ProductOnly" reports "CUPS".
73"Major" reports "CUPS/major IPP/2".
74"Minor" reports "CUPS/major.minor IPP/2.1".
75"Minimal" reports "CUPS/major.minor.patch IPP/2.1".
76"OS" reports "CUPS/major.minor.path (osname osversion) IPP/2.1".
77"Full" reports "CUPS/major.minor.path (osname osversion; architecture) IPP/2.1".
78The default is "Minimal".
ddf95fe6
MS
79<dt><b>ValidateCerts Yes</b>
80<dd style="margin-left: 5.0em"><dt><b>ValidateCerts No</b>
81<dd style="margin-left: 5.0em">Specifies whether to only allow TLS with certificates whose common name matches the hostname.
82The default is "No".
2909c66c 83</dl>
651e0a22 84<h2 class="title"><a name="NOTES">Notes</a></h2>
8072030b 85The <b>client.conf</b> file is deprecated on macOS and will no longer be supported in a future version of CUPS.
08d56b1f
MS
86Configuration settings can instead be viewed or changed using the
87<b>defaults</b>(1)
88command:
89<pre class="man">
90defaults write /Library/Preferences/org.cups.PrintingPrefs.plist Encryption Required
91defaults write /Library/Preferences/org.cups.PrintingPrefs.plist TrustOnFirstUse -bool NO
92
93defaults read /Library/Preferences/org.cups.PrintingPrefs.plist Encryption
94</pre>
95On Linux and other systems using GNU TLS, the <i>/etc/cups/ssl/site.crl</i> file, if present, provides a list of revoked X.509 certificates and is used when validating certificates.
94436c5a 96<h2 class="title"><a name="SEE_ALSO">See Also</a></h2>
87030afb 97<b>cups</b>(1),
08d56b1f 98<b>default</b>(1),
651e0a22 99CUPS Online Help (<a href="http://localhost:631/help">http://localhost:631/help</a>)
94436c5a 100<h2 class="title"><a name="COPYRIGHT">Copyright</a></h2>
87030afb 101Copyright &copy; 2007-2019 by Apple Inc.
94436c5a
MS
102
103</body>
104</html>