]>
Commit | Line | Data |
---|---|---|
b423cd4c | 1 | .\" |
7131e285 | 2 | .\" client.conf man page for CUPS. |
b423cd4c | 3 | .\" |
87030afb MS |
4 | .\" Copyright © 2007-2019 by Apple Inc. |
5 | .\" Copyright © 2006 by Easy Software Products. | |
b423cd4c | 6 | .\" |
87030afb MS |
7 | .\" Licensed under Apache License v2.0. See the file "LICENSE" for more |
8 | .\" information. | |
b423cd4c | 9 | .\" |
ec8beb89 | 10 | .TH client.conf 5 "CUPS" "15 October 2019" "Apple Inc." |
b423cd4c | 11 | .SH NAME |
87030afb | 12 | client.conf \- client configuration file for cups (deprecated on macos) |
b423cd4c | 13 | .SH DESCRIPTION |
7131e285 MS |
14 | The \fBclient.conf\fR file configures the CUPS client and is normally located in the \fI/etc/cups\fR and/or \fI~/.cups\fR directories. |
15 | Each line in the file can be a configuration directive, a blank line, or a comment. Comment lines start with the # character. | |
16 | .LP | |
8072030b MS |
17 | \fBNote:\fR Starting with macOS 10.7, this file is only used by command-line and X11 applications plus the IPP backend. |
18 | The \fBServerName\fR directive is not supported on macOS at all. | |
19 | Starting with macOS 10.12, all applications can access these settings in the \fI/Library/Preferences/org.cups.PrintingPrefs.plist\fR file instead. | |
08d56b1f | 20 | See the NOTES section below for more information. |
7131e285 MS |
21 | .SS DIRECTIVES |
22 | The following directives are understood by the client. Consult the online help for detailed descriptions: | |
ec8beb89 | 23 | .\"#AllowAnyRoot |
b423cd4c | 24 | .TP 5 |
f51f3773 | 25 | \fBAllowAnyRoot Yes\fR |
f9988e18 | 26 | .TP 5 |
f51f3773 | 27 | \fBAllowAnyRoot No\fR |
f9988e18 | 28 | Specifies whether to allow TLS with certificates that have not been signed by a trusted Certificate Authority. |
f51f3773 | 29 | The default is "Yes". |
ec8beb89 | 30 | .\"#AllowExpiredCerts |
f9988e18 | 31 | .TP 5 |
f51f3773 | 32 | \fBAllowExpiredCerts Yes\fR |
f9988e18 | 33 | .TP 5 |
f51f3773 | 34 | \fBAllowExpiredCerts No\fR |
f9988e18 | 35 | Specifies whether to allow TLS with expired certificates. |
08d56b1f | 36 | The default is "No". |
ec8beb89 MS |
37 | .\"#DigestOptions |
38 | .TP 5 | |
39 | \fBDigestOptions DenyMD5\fR | |
40 | .TP 5 | |
41 | \fBDigestOptions None\fR | |
42 | Specifies HTTP Digest authentication options. | |
43 | \fBDenyMD5\fR disables support for the original MD5 hash algorithm. | |
44 | .\"#Encryption | |
f9988e18 | 45 | .TP 5 |
7131e285 | 46 | \fBEncryption IfRequested\fR |
b423cd4c | 47 | .TP 5 |
7131e285 | 48 | \fBEncryption Never\fR |
b423cd4c | 49 | .TP 5 |
7131e285 MS |
50 | \fBEncryption Required\fR |
51 | Specifies the level of encryption that should be used. | |
ec8beb89 | 52 | .\"#GSSServiceName |
b423cd4c | 53 | .TP 5 |
7131e285 MS |
54 | \fBGSSServiceName \fIname\fR |
55 | Specifies the Kerberos service name that is used for authentication, typically "host", "http", or "ipp". | |
56 | CUPS adds the remote hostname ("name@server.example.com") for you. The default name is "http". | |
ec8beb89 | 57 | .\"#ServerName |
07ed0e9a | 58 | .TP 5 |
7131e285 | 59 | \fBServerName \fIhostname-or-ip-address\fR[\fI:port\fR] |
b423cd4c | 60 | .TP 5 |
7131e285 MS |
61 | \fBServerName \fI/domain/socket\fR |
62 | Specifies the address and optionally the port to use when connecting to the server. | |
21d8d62b | 63 | \fBNote: This directive is not supported on macOS 10.7 or later.\fR |
3e7fe0ca | 64 | .TP 5 |
7131e285 MS |
65 | \fBServerName \fIhostname-or-ip-address\fR[\fI:port\fR]\fB/version=1.1\fR |
66 | Specifies the address and optionally the port to use when connecting to a server running CUPS 1.3.12 and earlier. | |
ec8beb89 | 67 | .\"#SSLOptions |
3699c637 | 68 | .TP 5 |
8f1fbdec | 69 | \fBSSLOptions \fR[\fIAllowDH\fR] [\fIAllowRC4\fR] [\fIAllowSSL3\fR] [\fIDenyCBC\fR] [\fIDenyTLS1.0\fR] [\fIMaxTLS1.0\fR] [\fIMaxTLS1.1\fR] [\fIMaxTLS1.2\fR] [\fIMaxTLS1.3\fR] [\fIMinTLS1.0\fR] [\fIMinTLS1.1\fR] [\fIMinTLS1.2\fR] [\fIMinTLS1.3\fR] |
63aefcd5 MS |
70 | .TP 5 |
71 | \fBSSLOptions None\fR | |
72 | Sets encryption options (only in /etc/cups/client.conf). | |
73 | By default, CUPS only supports encryption using TLS v1.0 or higher using known secure cipher suites. | |
02c88e67 MS |
74 | Security is reduced when \fIAllow\fR options are used. |
75 | Security is enhanced when \fIDeny\fR options are used. | |
76 | The \fIAllowDH\fR option enables cipher suites using plain Diffie-Hellman key negotiation (not supported on systems using GNU TLS). | |
77 | The \fIAllowRC4\fR option enables the 128-bit RC4 cipher suites, which are required for some older clients. | |
63aefcd5 | 78 | The \fIAllowSSL3\fR option enables SSL v3.0, which is required for some older clients that do not support TLS v1.0. |
f2e87147 | 79 | The \fIDenyCBC\fR option disables all CBC cipher suites. |
ee6226a5 | 80 | The \fIDenyTLS1.0\fR option disables TLS v1.0 support - this sets the minimum protocol version to TLS v1.1. |
dda99de9 MS |
81 | The \fIMinTLS\fR options set the minimum TLS version to support. |
82 | The \fIMaxTLS\fR options set the maximum TLS version to support. | |
8f1fbdec | 83 | Not all operating systems support TLS 1.3 at this time. |
ec8beb89 | 84 | .\"#TrustOnFirstUse |
63aefcd5 | 85 | .TP 5 |
08d56b1f MS |
86 | \fBTrustOnFirstUse Yes\fR |
87 | .TP 5 | |
88 | \fBTrustOnFirstUse No\fR | |
89 | Specifies whether to trust new TLS certificates by default. | |
90 | The default is "Yes". | |
ec8beb89 | 91 | .\"#User |
08d56b1f | 92 | .TP 5 |
7131e285 | 93 | \fBUser \fIname\fR |
3e7fe0ca | 94 | Specifies the default user name to use for requests. |
59cd12c6 MS |
95 | .\"#UserAgentTokens |
96 | .TP 5 | |
97 | \fBUserAgentTokens None\fR | |
98 | .TP 5 | |
99 | \fBUserAgentTokens ProductOnly\fR | |
100 | .TP 5 | |
101 | \fBUserAgentTokens Major\fR | |
102 | .TP 5 | |
103 | \fBUserAgentTokens Minor\fR | |
104 | .TP 5 | |
105 | \fBUserAgentTokens Minimal\fR | |
106 | .TP 5 | |
107 | \fBUserAgentTokens OS\fR | |
108 | .TP 5 | |
109 | \fBUserAgentTokens Full\fR | |
110 | Specifies what information is included in the User-Agent header of HTTP requests. | |
111 | "None" disables the User-Agent header. | |
112 | "ProductOnly" reports "CUPS". | |
113 | "Major" reports "CUPS/major IPP/2". | |
114 | "Minor" reports "CUPS/major.minor IPP/2.1". | |
115 | "Minimal" reports "CUPS/major.minor.patch IPP/2.1". | |
116 | "OS" reports "CUPS/major.minor.path (osname osversion) IPP/2.1". | |
117 | "Full" reports "CUPS/major.minor.path (osname osversion; architecture) IPP/2.1". | |
118 | The default is "Minimal". | |
ec8beb89 | 119 | .\"#ValidateCerts |
f51f3773 MS |
120 | .TP 5 |
121 | \fBValidateCerts Yes\fR | |
122 | .TP 5 | |
123 | \fBValidateCerts No\fR | |
124 | Specifies whether to only allow TLS with certificates whose common name matches the hostname. | |
125 | The default is "No". | |
7131e285 | 126 | .SH NOTES |
8072030b | 127 | The \fBclient.conf\fR file is deprecated on macOS and will no longer be supported in a future version of CUPS. |
08d56b1f MS |
128 | Configuration settings can instead be viewed or changed using the |
129 | .BR defaults (1) | |
130 | command: | |
131 | .nf | |
132 | defaults write /Library/Preferences/org.cups.PrintingPrefs.plist Encryption Required | |
133 | defaults write /Library/Preferences/org.cups.PrintingPrefs.plist TrustOnFirstUse -bool NO | |
134 | ||
135 | defaults read /Library/Preferences/org.cups.PrintingPrefs.plist Encryption | |
136 | .fi | |
137 | On Linux and other systems using GNU TLS, the \fI/etc/cups/ssl/site.crl\fR file, if present, provides a list of revoked X.509 certificates and is used when validating certificates. | |
b423cd4c | 138 | .SH SEE ALSO |
7131e285 | 139 | .BR cups (1), |
08d56b1f | 140 | .BR default (1), |
7131e285 | 141 | CUPS Online Help (http://localhost:631/help) |
b423cd4c | 142 | .SH COPYRIGHT |
87030afb | 143 | Copyright \[co] 2007-2019 by Apple Inc. |