]>
Commit | Line | Data |
---|---|---|
b423cd4c | 1 | .\" |
7131e285 | 2 | .\" client.conf man page for CUPS. |
b423cd4c | 3 | .\" |
87030afb MS |
4 | .\" Copyright © 2007-2019 by Apple Inc. |
5 | .\" Copyright © 2006 by Easy Software Products. | |
b423cd4c | 6 | .\" |
87030afb MS |
7 | .\" Licensed under Apache License v2.0. See the file "LICENSE" for more |
8 | .\" information. | |
b423cd4c | 9 | .\" |
87030afb | 10 | .TH client.conf 5 "CUPS" "26 April 2019" "Apple Inc." |
b423cd4c | 11 | .SH NAME |
87030afb | 12 | client.conf \- client configuration file for cups (deprecated on macos) |
b423cd4c | 13 | .SH DESCRIPTION |
7131e285 MS |
14 | The \fBclient.conf\fR file configures the CUPS client and is normally located in the \fI/etc/cups\fR and/or \fI~/.cups\fR directories. |
15 | Each line in the file can be a configuration directive, a blank line, or a comment. Comment lines start with the # character. | |
16 | .LP | |
8072030b MS |
17 | \fBNote:\fR Starting with macOS 10.7, this file is only used by command-line and X11 applications plus the IPP backend. |
18 | The \fBServerName\fR directive is not supported on macOS at all. | |
19 | Starting with macOS 10.12, all applications can access these settings in the \fI/Library/Preferences/org.cups.PrintingPrefs.plist\fR file instead. | |
08d56b1f | 20 | See the NOTES section below for more information. |
7131e285 MS |
21 | .SS DIRECTIVES |
22 | The following directives are understood by the client. Consult the online help for detailed descriptions: | |
b423cd4c | 23 | .TP 5 |
f51f3773 | 24 | \fBAllowAnyRoot Yes\fR |
f9988e18 | 25 | .TP 5 |
f51f3773 | 26 | \fBAllowAnyRoot No\fR |
f9988e18 | 27 | Specifies whether to allow TLS with certificates that have not been signed by a trusted Certificate Authority. |
f51f3773 | 28 | The default is "Yes". |
f9988e18 | 29 | .TP 5 |
f51f3773 | 30 | \fBAllowExpiredCerts Yes\fR |
f9988e18 | 31 | .TP 5 |
f51f3773 | 32 | \fBAllowExpiredCerts No\fR |
f9988e18 | 33 | Specifies whether to allow TLS with expired certificates. |
08d56b1f | 34 | The default is "No". |
f9988e18 | 35 | .TP 5 |
7131e285 | 36 | \fBEncryption IfRequested\fR |
b423cd4c | 37 | .TP 5 |
7131e285 | 38 | \fBEncryption Never\fR |
b423cd4c | 39 | .TP 5 |
7131e285 MS |
40 | \fBEncryption Required\fR |
41 | Specifies the level of encryption that should be used. | |
b423cd4c | 42 | .TP 5 |
7131e285 MS |
43 | \fBGSSServiceName \fIname\fR |
44 | Specifies the Kerberos service name that is used for authentication, typically "host", "http", or "ipp". | |
45 | CUPS adds the remote hostname ("name@server.example.com") for you. The default name is "http". | |
07ed0e9a | 46 | .TP 5 |
7131e285 | 47 | \fBServerName \fIhostname-or-ip-address\fR[\fI:port\fR] |
b423cd4c | 48 | .TP 5 |
7131e285 MS |
49 | \fBServerName \fI/domain/socket\fR |
50 | Specifies the address and optionally the port to use when connecting to the server. | |
21d8d62b | 51 | \fBNote: This directive is not supported on macOS 10.7 or later.\fR |
3e7fe0ca | 52 | .TP 5 |
7131e285 MS |
53 | \fBServerName \fIhostname-or-ip-address\fR[\fI:port\fR]\fB/version=1.1\fR |
54 | Specifies the address and optionally the port to use when connecting to a server running CUPS 1.3.12 and earlier. | |
3699c637 | 55 | .TP 5 |
8f1fbdec | 56 | \fBSSLOptions \fR[\fIAllowDH\fR] [\fIAllowRC4\fR] [\fIAllowSSL3\fR] [\fIDenyCBC\fR] [\fIDenyTLS1.0\fR] [\fIMaxTLS1.0\fR] [\fIMaxTLS1.1\fR] [\fIMaxTLS1.2\fR] [\fIMaxTLS1.3\fR] [\fIMinTLS1.0\fR] [\fIMinTLS1.1\fR] [\fIMinTLS1.2\fR] [\fIMinTLS1.3\fR] |
63aefcd5 MS |
57 | .TP 5 |
58 | \fBSSLOptions None\fR | |
59 | Sets encryption options (only in /etc/cups/client.conf). | |
60 | By default, CUPS only supports encryption using TLS v1.0 or higher using known secure cipher suites. | |
02c88e67 MS |
61 | Security is reduced when \fIAllow\fR options are used. |
62 | Security is enhanced when \fIDeny\fR options are used. | |
63 | The \fIAllowDH\fR option enables cipher suites using plain Diffie-Hellman key negotiation (not supported on systems using GNU TLS). | |
64 | The \fIAllowRC4\fR option enables the 128-bit RC4 cipher suites, which are required for some older clients. | |
63aefcd5 | 65 | The \fIAllowSSL3\fR option enables SSL v3.0, which is required for some older clients that do not support TLS v1.0. |
f2e87147 | 66 | The \fIDenyCBC\fR option disables all CBC cipher suites. |
ee6226a5 | 67 | The \fIDenyTLS1.0\fR option disables TLS v1.0 support - this sets the minimum protocol version to TLS v1.1. |
dda99de9 MS |
68 | The \fIMinTLS\fR options set the minimum TLS version to support. |
69 | The \fIMaxTLS\fR options set the maximum TLS version to support. | |
8f1fbdec | 70 | Not all operating systems support TLS 1.3 at this time. |
63aefcd5 | 71 | .TP 5 |
08d56b1f MS |
72 | \fBTrustOnFirstUse Yes\fR |
73 | .TP 5 | |
74 | \fBTrustOnFirstUse No\fR | |
75 | Specifies whether to trust new TLS certificates by default. | |
76 | The default is "Yes". | |
77 | .TP 5 | |
7131e285 | 78 | \fBUser \fIname\fR |
3e7fe0ca | 79 | Specifies the default user name to use for requests. |
59cd12c6 MS |
80 | .\"#UserAgentTokens |
81 | .TP 5 | |
82 | \fBUserAgentTokens None\fR | |
83 | .TP 5 | |
84 | \fBUserAgentTokens ProductOnly\fR | |
85 | .TP 5 | |
86 | \fBUserAgentTokens Major\fR | |
87 | .TP 5 | |
88 | \fBUserAgentTokens Minor\fR | |
89 | .TP 5 | |
90 | \fBUserAgentTokens Minimal\fR | |
91 | .TP 5 | |
92 | \fBUserAgentTokens OS\fR | |
93 | .TP 5 | |
94 | \fBUserAgentTokens Full\fR | |
95 | Specifies what information is included in the User-Agent header of HTTP requests. | |
96 | "None" disables the User-Agent header. | |
97 | "ProductOnly" reports "CUPS". | |
98 | "Major" reports "CUPS/major IPP/2". | |
99 | "Minor" reports "CUPS/major.minor IPP/2.1". | |
100 | "Minimal" reports "CUPS/major.minor.patch IPP/2.1". | |
101 | "OS" reports "CUPS/major.minor.path (osname osversion) IPP/2.1". | |
102 | "Full" reports "CUPS/major.minor.path (osname osversion; architecture) IPP/2.1". | |
103 | The default is "Minimal". | |
f51f3773 MS |
104 | .TP 5 |
105 | \fBValidateCerts Yes\fR | |
106 | .TP 5 | |
107 | \fBValidateCerts No\fR | |
108 | Specifies whether to only allow TLS with certificates whose common name matches the hostname. | |
109 | The default is "No". | |
7131e285 | 110 | .SH NOTES |
8072030b | 111 | The \fBclient.conf\fR file is deprecated on macOS and will no longer be supported in a future version of CUPS. |
08d56b1f MS |
112 | Configuration settings can instead be viewed or changed using the |
113 | .BR defaults (1) | |
114 | command: | |
115 | .nf | |
116 | defaults write /Library/Preferences/org.cups.PrintingPrefs.plist Encryption Required | |
117 | defaults write /Library/Preferences/org.cups.PrintingPrefs.plist TrustOnFirstUse -bool NO | |
118 | ||
119 | defaults read /Library/Preferences/org.cups.PrintingPrefs.plist Encryption | |
120 | .fi | |
121 | On Linux and other systems using GNU TLS, the \fI/etc/cups/ssl/site.crl\fR file, if present, provides a list of revoked X.509 certificates and is used when validating certificates. | |
b423cd4c | 122 | .SH SEE ALSO |
7131e285 | 123 | .BR cups (1), |
08d56b1f | 124 | .BR default (1), |
7131e285 | 125 | CUPS Online Help (http://localhost:631/help) |
b423cd4c | 126 | .SH COPYRIGHT |
87030afb | 127 | Copyright \[co] 2007-2019 by Apple Inc. |