2 * TLS check program for CUPS.
4 * Copyright 2007-2015 by Apple Inc.
5 * Copyright 1997-2006 by Easy Software Products.
7 * These coded instructions, statements, and computer programs are the
8 * property of Apple Inc. and are protected by Federal copyright
9 * law. Distribution and use rights are outlined in the file "LICENSE.txt"
10 * which should have been included with this file. If this file is
11 * missing or damaged, see the license at "http://www.cups.org/".
13 * This file is subject to the Apple OS-Developed Software exception.
17 * Include necessary headers...
20 #include "cups-private.h"
/*
 * Fallback entry point: prints a notice that TLS support is not compiled in
 * and exits with status 1.
 *
 * NOTE(review): presumably built only when HAVE_SSL is undefined (the file's
 * final #endif is tagged "!HAVE_SSL"; the opening guard is not visible in this
 * listing) - confirm.  Status 1 here means "no check was performed", so a
 * script that gates on the exit status should not read it as a verdict on the
 * printer.
 */
24 int main(void) { puts("Sorry, no TLS support compiled in."); return (1); }
31 static void usage(void);
35 * 'main()' - Main entry.
/*
 * Entry point of the TLS check tool.  This part declares the option state,
 * the fixed-size URI buffers and the IPP request/response handles used by the
 * rest of the function.
 *
 * NOTE(review): this listing carries the original file's line numbers at the
 * start of each statement and omits some lines (the numbers skip), so braces
 * and a few declarations are not shown.
 */
38 int /* O - Exit status */
39 main(int argc
, /* I - Number of command-line arguments */
40 char *argv
[]) /* I - Command-line arguments */
42 int i
; /* Looping var */
43 http_t
*http
; /* HTTP connection */
44 const char *server
= NULL
; /* Hostname from command-line */
45 int port
= 0; /* Port number */
46 const char *cipherName
= "UNKNOWN";/* Cipher suite name */
47 int dhBits
= 0; /* Diffie-Hellman bits */
48 int tlsVersion
= 0; /* TLS version number */
49 char uri
[1024], /* Printer URI */
50 scheme
[32], /* URI scheme */
51 host
[256], /* Hostname */
52 userpass
[256], /* Username/password */
53 resource
[256]; /* Resource path */
54 int af
= AF_UNSPEC
, /* Address family */
/*
 * The TLS policy starts at _HTTP_TLS_NONE; the option loop ORs flags into it
 * from the command line before the connection is made.
 */
55 tls_options
= _HTTP_TLS_NONE
,
57 verbose
= 0; /* Verbosity */
58 ipp_t
*request
, /* IPP Get-Printer-Attributes request */
59 *response
; /* IPP Get-Printer-Attributes response */
60 ipp_attribute_t
*attr
; /* Current attribute */
61 const char *name
; /* Attribute name */
62 char value
[1024]; /* Attribute (string) value */
/*
 * Keywords sent as "requested-attributes" in the Get-Printer-Attributes
 * request.  The list includes the printer's own statements about security
 * ("uri-security-supported", "uri-authentication-supported"); some entries are
 * on lines this listing omits.
 */
63 static const char * const pattrs
[] = /* Requested attributes */
66 "compression-supported",
67 "document-format-supported",
70 "printer-make-and-model",
72 "printer-state-reasons",
74 "uri-authentication-supported",
75 "uri-security-supported"
/*
 * Command-line parsing: walk argv[1..argc-1], collecting TLS option flags,
 * the address family, the server (bare hostname or ipps:// URI) and the port.
 * The bodies of several branches are on lines this listing omits.
 */
79 for (i
= 1; i
< argc
; i
++)
/*
 * "--dh" and "--rc4" OR _HTTP_TLS_ALLOW_DH / _HTTP_TLS_ALLOW_RC4 into the
 * client's TLS options, i.e. they widen what this client is willing to
 * negotiate so that a weak printer can be connected to and reported on.
 * "--no-tls10" ORs in _HTTP_TLS_DENY_TLS10, which narrows it.
 */
81 if (!strcmp(argv
[i
], "--dh"))
83 tls_options
|= _HTTP_TLS_ALLOW_DH
;
85 else if (!strcmp(argv
[i
], "--no-tls10"))
87 tls_options
|= _HTTP_TLS_DENY_TLS10
;
89 else if (!strcmp(argv
[i
], "--rc4"))
91 tls_options
|= _HTTP_TLS_ALLOW_RC4
;
93 else if (!strcmp(argv
[i
], "--verbose") || !strcmp(argv
[i
], "-v"))
97 else if (!strcmp(argv
[i
], "-4"))
101 else if (!strcmp(argv
[i
], "-6"))
/* Any other argument starting with '-' is reported as an unknown option. */
105 else if (argv
[i
][0] == '-')
107 printf("tlscheck: Unknown option '%s'.\n", argv
[i
]);
/*
 * Server given as an ipps:// URI: split it into scheme, userpass, host, port
 * and resource.  Each output buffer is bounded by its sizeof().
 *
 * NOTE(review): the status returned by httpSeparateURI() is not captured on
 * this line, so a malformed URI is not rejected here.  userpass is parsed out
 * of the URI; no later use of it is visible in this listing.
 */
112 if (!strncmp(argv
[i
], "ipps://", 7))
114 httpSeparateURI(HTTP_URI_CODING_ALL
, argv
[i
], scheme
, sizeof(scheme
), userpass
, sizeof(userpass
), host
, sizeof(host
), &port
, resource
, sizeof(resource
));
/* Resource path "/ipp/print" is set here (presumably the bare-hostname branch - confirm). */
120 strlcpy(resource
, "/ipp/print", sizeof(resource
));
/*
 * Port argument, accepted only while port is still 0: either "=NNN" or a
 * string starting with a digit.  The "& 255" keeps the isdigit() argument
 * non-negative.
 *
 * NOTE(review): atoi() reports no errors - text without leading digits
 * converts to 0, trailing junk is ignored and out-of-range input is undefined.
 * No check against the valid port range is visible in this listing.
 */
123 else if (!port
&& (argv
[i
][0] == '=' || isdigit(argv
[i
][0] & 255)))
125 if (argv
[i
][0] == '=')
126 port
= atoi(argv
[i
] + 1);
128 port
= atoi(argv
[i
]);
/* Anything left over is reported as an unexpected argument. */
132 printf("tlscheck: Unexpected argument '%s'.\n", argv
[i
]);
/*
 * Apply the accumulated TLS option flags, then connect.
 * HTTP_ENCRYPTION_ALWAYS makes httpConnect2() negotiate TLS as part of
 * connecting; the two arguments after it select blocking mode and a
 * 30000 ms timeout.
 *
 * NOTE(review): nothing in this listing inspects the server certificate or
 * its trust status; whatever validation httpConnect2() applies happens outside
 * this file.  A later "OK" line therefore speaks to the negotiated protocol,
 * cipher suite and DH size only, not to the identity of the peer.
 */
143 _httpTLSSetOptions(tls_options
);
145 http
= httpConnect2(server
, port
, NULL
, af
, HTTP_ENCRYPTION_ALWAYS
, 1, 30000, NULL
);
/* Connection failure report (the guarding condition is on an omitted line, presumably a NULL check on http). */
148 printf("%s: ERROR (%s)\n", server
, cupsLastErrorString());
/*
 * Locals for the SecureTransport queries, followed by the protocol-version
 * lookup.  http->tls reaches into the private http_t structure, which is why
 * the file includes "cups-private.h".
 *
 * NOTE(review): the opening platform guard and the declarations of err,
 * params and paramsLen are on lines this listing omits.
 */
153 SSLProtocol protocol
;
154 SSLCipherSuite cipher
;
155 char unknownCipherName
[256];
156 int paramsNeeded
= 0;
/* Ask SecureTransport which protocol version was negotiated; a failure is reported with the OSStatus value. */
161 if ((err
= SSLGetNegotiatedProtocolVersion(http
->tls
, &protocol
)) != noErr
)
163 printf("%s: ERROR (No protocol version - %d)\n", server
, (int)err
);
/*
 * Only the TLS 1.1 and TLS 1.2 case labels survive in this listing; the other
 * cases and the assignments to tlsVersion are on omitted lines.  tlsVersion is
 * later printed as tlsVersion / 10 and tlsVersion % 10, so it is stored as
 * major * 10 + minor.
 */
179 case kTLSProtocol11
:
182 case kTLSProtocol12
:
/*
 * Fetch the negotiated cipher suite and translate it to its registry name for
 * the report.
 *
 * This is a name lookup only.  The table includes NULL-encryption suites
 * (..._WITH_NULL_...), unauthenticated suites (DH_anon / ECDH_anon) and RC4
 * suites, so a suite having a name here says nothing about whether it is
 * acceptable; acceptance is decided by the checks that follow the switch.
 */
187 if ((err
= SSLGetNegotiatedCipher(http
->tls
, &cipher
)) != noErr
)
189 printf("%s: ERROR (No cipher suite - %d)\n", server
, (int)err
);
196 case TLS_NULL_WITH_NULL_NULL
:
197 cipherName
= "TLS_NULL_WITH_NULL_NULL";
199 case TLS_RSA_WITH_NULL_MD5
:
200 cipherName
= "TLS_RSA_WITH_NULL_MD5";
202 case TLS_RSA_WITH_NULL_SHA
:
203 cipherName
= "TLS_RSA_WITH_NULL_SHA";
205 case TLS_RSA_WITH_RC4_128_MD5
:
206 cipherName
= "TLS_RSA_WITH_RC4_128_MD5";
208 case TLS_RSA_WITH_RC4_128_SHA
:
209 cipherName
= "TLS_RSA_WITH_RC4_128_SHA";
211 case TLS_RSA_WITH_3DES_EDE_CBC_SHA
:
212 cipherName
= "TLS_RSA_WITH_3DES_EDE_CBC_SHA";
214 case TLS_RSA_WITH_NULL_SHA256
:
215 cipherName
= "TLS_RSA_WITH_NULL_SHA256";
217 case TLS_RSA_WITH_AES_128_CBC_SHA256
:
218 cipherName
= "TLS_RSA_WITH_AES_128_CBC_SHA256";
220 case TLS_RSA_WITH_AES_256_CBC_SHA256
:
221 cipherName
= "TLS_RSA_WITH_AES_256_CBC_SHA256";
/*
 * NOTE(review): from here on, cases whose key exchange is DH, DHE, ECDH or
 * ECDHE (including the anon and DHE_PSK variants) span one more original line
 * than the RSA, PSK and RSA_PSK cases - the embedded numbers advance by 4
 * instead of 3.  Presumably the omitted line sets paramsNeeded; confirm
 * against the full file.
 */
223 case TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA
:
224 cipherName
= "TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA";
227 case TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA
:
228 cipherName
= "TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA";
231 case TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA
:
232 cipherName
= "TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA";
235 case TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
:
236 cipherName
= "TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA";
239 case TLS_DH_DSS_WITH_AES_128_CBC_SHA256
:
240 cipherName
= "TLS_DH_DSS_WITH_AES_128_CBC_SHA256";
243 case TLS_DH_RSA_WITH_AES_128_CBC_SHA256
:
244 cipherName
= "TLS_DH_RSA_WITH_AES_128_CBC_SHA256";
247 case TLS_DHE_DSS_WITH_AES_128_CBC_SHA256
:
248 cipherName
= "TLS_DHE_DSS_WITH_AES_128_CBC_SHA256";
251 case TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
:
252 cipherName
= "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256";
255 case TLS_DH_DSS_WITH_AES_256_CBC_SHA256
:
256 cipherName
= "TLS_DH_DSS_WITH_AES_256_CBC_SHA256";
259 case TLS_DH_RSA_WITH_AES_256_CBC_SHA256
:
260 cipherName
= "TLS_DH_RSA_WITH_AES_256_CBC_SHA256";
263 case TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
:
264 cipherName
= "TLS_DHE_DSS_WITH_AES_256_CBC_SHA256";
267 case TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
:
268 cipherName
= "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256";
271 case TLS_DH_anon_WITH_RC4_128_MD5
:
272 cipherName
= "TLS_DH_anon_WITH_RC4_128_MD5";
275 case TLS_DH_anon_WITH_3DES_EDE_CBC_SHA
:
276 cipherName
= "TLS_DH_anon_WITH_3DES_EDE_CBC_SHA";
279 case TLS_DH_anon_WITH_AES_128_CBC_SHA256
:
280 cipherName
= "TLS_DH_anon_WITH_AES_128_CBC_SHA256";
283 case TLS_DH_anon_WITH_AES_256_CBC_SHA256
:
284 cipherName
= "TLS_DH_anon_WITH_AES_256_CBC_SHA256";
287 case TLS_PSK_WITH_RC4_128_SHA
:
288 cipherName
= "TLS_PSK_WITH_RC4_128_SHA";
290 case TLS_PSK_WITH_3DES_EDE_CBC_SHA
:
291 cipherName
= "TLS_PSK_WITH_3DES_EDE_CBC_SHA";
293 case TLS_PSK_WITH_AES_128_CBC_SHA
:
294 cipherName
= "TLS_PSK_WITH_AES_128_CBC_SHA";
296 case TLS_PSK_WITH_AES_256_CBC_SHA
:
297 cipherName
= "TLS_PSK_WITH_AES_256_CBC_SHA";
299 case TLS_DHE_PSK_WITH_RC4_128_SHA
:
300 cipherName
= "TLS_DHE_PSK_WITH_RC4_128_SHA";
303 case TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA
:
304 cipherName
= "TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA";
307 case TLS_DHE_PSK_WITH_AES_128_CBC_SHA
:
308 cipherName
= "TLS_DHE_PSK_WITH_AES_128_CBC_SHA";
311 case TLS_DHE_PSK_WITH_AES_256_CBC_SHA
:
312 cipherName
= "TLS_DHE_PSK_WITH_AES_256_CBC_SHA";
315 case TLS_RSA_PSK_WITH_RC4_128_SHA
:
316 cipherName
= "TLS_RSA_PSK_WITH_RC4_128_SHA";
318 case TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA
:
319 cipherName
= "TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA";
321 case TLS_RSA_PSK_WITH_AES_128_CBC_SHA
:
322 cipherName
= "TLS_RSA_PSK_WITH_AES_128_CBC_SHA";
324 case TLS_RSA_PSK_WITH_AES_256_CBC_SHA
:
325 cipherName
= "TLS_RSA_PSK_WITH_AES_256_CBC_SHA";
327 case TLS_PSK_WITH_NULL_SHA
:
328 cipherName
= "TLS_PSK_WITH_NULL_SHA";
330 case TLS_DHE_PSK_WITH_NULL_SHA
:
331 cipherName
= "TLS_DHE_PSK_WITH_NULL_SHA";
334 case TLS_RSA_PSK_WITH_NULL_SHA
:
335 cipherName
= "TLS_RSA_PSK_WITH_NULL_SHA";
337 case TLS_RSA_WITH_AES_128_GCM_SHA256
:
338 cipherName
= "TLS_RSA_WITH_AES_128_GCM_SHA256";
340 case TLS_RSA_WITH_AES_256_GCM_SHA384
:
341 cipherName
= "TLS_RSA_WITH_AES_256_GCM_SHA384";
343 case TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
:
344 cipherName
= "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256";
347 case TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
:
348 cipherName
= "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384";
351 case TLS_DH_RSA_WITH_AES_128_GCM_SHA256
:
352 cipherName
= "TLS_DH_RSA_WITH_AES_128_GCM_SHA256";
355 case TLS_DH_RSA_WITH_AES_256_GCM_SHA384
:
356 cipherName
= "TLS_DH_RSA_WITH_AES_256_GCM_SHA384";
359 case TLS_DHE_DSS_WITH_AES_128_GCM_SHA256
:
360 cipherName
= "TLS_DHE_DSS_WITH_AES_128_GCM_SHA256";
363 case TLS_DHE_DSS_WITH_AES_256_GCM_SHA384
:
364 cipherName
= "TLS_DHE_DSS_WITH_AES_256_GCM_SHA384";
367 case TLS_DH_DSS_WITH_AES_128_GCM_SHA256
:
368 cipherName
= "TLS_DH_DSS_WITH_AES_128_GCM_SHA256";
371 case TLS_DH_DSS_WITH_AES_256_GCM_SHA384
:
372 cipherName
= "TLS_DH_DSS_WITH_AES_256_GCM_SHA384";
375 case TLS_DH_anon_WITH_AES_128_GCM_SHA256
:
376 cipherName
= "TLS_DH_anon_WITH_AES_128_GCM_SHA256";
379 case TLS_DH_anon_WITH_AES_256_GCM_SHA384
:
380 cipherName
= "TLS_DH_anon_WITH_AES_256_GCM_SHA384";
383 case TLS_PSK_WITH_AES_128_GCM_SHA256
:
384 cipherName
= "TLS_PSK_WITH_AES_128_GCM_SHA256";
386 case TLS_PSK_WITH_AES_256_GCM_SHA384
:
387 cipherName
= "TLS_PSK_WITH_AES_256_GCM_SHA384";
389 case TLS_DHE_PSK_WITH_AES_128_GCM_SHA256
:
390 cipherName
= "TLS_DHE_PSK_WITH_AES_128_GCM_SHA256";
393 case TLS_DHE_PSK_WITH_AES_256_GCM_SHA384
:
394 cipherName
= "TLS_DHE_PSK_WITH_AES_256_GCM_SHA384";
397 case TLS_RSA_PSK_WITH_AES_128_GCM_SHA256
:
398 cipherName
= "TLS_RSA_PSK_WITH_AES_128_GCM_SHA256";
400 case TLS_RSA_PSK_WITH_AES_256_GCM_SHA384
:
401 cipherName
= "TLS_RSA_PSK_WITH_AES_256_GCM_SHA384";
403 case TLS_PSK_WITH_AES_128_CBC_SHA256
:
404 cipherName
= "TLS_PSK_WITH_AES_128_CBC_SHA256";
406 case TLS_PSK_WITH_AES_256_CBC_SHA384
:
407 cipherName
= "TLS_PSK_WITH_AES_256_CBC_SHA384";
409 case TLS_PSK_WITH_NULL_SHA256
:
410 cipherName
= "TLS_PSK_WITH_NULL_SHA256";
412 case TLS_PSK_WITH_NULL_SHA384
:
413 cipherName
= "TLS_PSK_WITH_NULL_SHA384";
415 case TLS_DHE_PSK_WITH_AES_128_CBC_SHA256
:
416 cipherName
= "TLS_DHE_PSK_WITH_AES_128_CBC_SHA256";
419 case TLS_DHE_PSK_WITH_AES_256_CBC_SHA384
:
420 cipherName
= "TLS_DHE_PSK_WITH_AES_256_CBC_SHA384";
423 case TLS_DHE_PSK_WITH_NULL_SHA256
:
424 cipherName
= "TLS_DHE_PSK_WITH_NULL_SHA256";
427 case TLS_DHE_PSK_WITH_NULL_SHA384
:
428 cipherName
= "TLS_DHE_PSK_WITH_NULL_SHA384";
431 case TLS_RSA_PSK_WITH_AES_128_CBC_SHA256
:
432 cipherName
= "TLS_RSA_PSK_WITH_AES_128_CBC_SHA256";
434 case TLS_RSA_PSK_WITH_AES_256_CBC_SHA384
:
435 cipherName
= "TLS_RSA_PSK_WITH_AES_256_CBC_SHA384";
437 case TLS_RSA_PSK_WITH_NULL_SHA256
:
438 cipherName
= "TLS_RSA_PSK_WITH_NULL_SHA256";
440 case TLS_RSA_PSK_WITH_NULL_SHA384
:
441 cipherName
= "TLS_RSA_PSK_WITH_NULL_SHA384";
443 case TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
:
444 cipherName
= "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256";
447 case TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
:
448 cipherName
= "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384";
451 case TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
:
452 cipherName
= "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256";
455 case TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
:
456 cipherName
= "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384";
459 case TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
:
460 cipherName
= "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256";
463 case TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
:
464 cipherName
= "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384";
467 case TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
:
468 cipherName
= "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256";
471 case TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
:
472 cipherName
= "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384";
475 case TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
:
476 cipherName
= "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256";
479 case TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
:
480 cipherName
= "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384";
483 case TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256
:
484 cipherName
= "TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256";
487 case TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384
:
488 cipherName
= "TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384";
491 case TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
:
492 cipherName
= "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256";
495 case TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
:
496 cipherName
= "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384";
499 case TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256
:
500 cipherName
= "TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256";
503 case TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384
:
504 cipherName
= "TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384";
507 case TLS_RSA_WITH_AES_128_CBC_SHA
:
508 cipherName
= "TLS_RSA_WITH_AES_128_CBC_SHA";
510 case TLS_DH_DSS_WITH_AES_128_CBC_SHA
:
511 cipherName
= "TLS_DH_DSS_WITH_AES_128_CBC_SHA";
514 case TLS_DH_RSA_WITH_AES_128_CBC_SHA
:
515 cipherName
= "TLS_DH_RSA_WITH_AES_128_CBC_SHA";
518 case TLS_DHE_DSS_WITH_AES_128_CBC_SHA
:
519 cipherName
= "TLS_DHE_DSS_WITH_AES_128_CBC_SHA";
522 case TLS_DHE_RSA_WITH_AES_128_CBC_SHA
:
523 cipherName
= "TLS_DHE_RSA_WITH_AES_128_CBC_SHA";
526 case TLS_DH_anon_WITH_AES_128_CBC_SHA
:
527 cipherName
= "TLS_DH_anon_WITH_AES_128_CBC_SHA";
530 case TLS_RSA_WITH_AES_256_CBC_SHA
:
531 cipherName
= "TLS_RSA_WITH_AES_256_CBC_SHA";
533 case TLS_DH_DSS_WITH_AES_256_CBC_SHA
:
534 cipherName
= "TLS_DH_DSS_WITH_AES_256_CBC_SHA";
537 case TLS_DH_RSA_WITH_AES_256_CBC_SHA
:
538 cipherName
= "TLS_DH_RSA_WITH_AES_256_CBC_SHA";
541 case TLS_DHE_DSS_WITH_AES_256_CBC_SHA
:
542 cipherName
= "TLS_DHE_DSS_WITH_AES_256_CBC_SHA";
545 case TLS_DHE_RSA_WITH_AES_256_CBC_SHA
:
546 cipherName
= "TLS_DHE_RSA_WITH_AES_256_CBC_SHA";
549 case TLS_DH_anon_WITH_AES_256_CBC_SHA
:
550 cipherName
= "TLS_DH_anon_WITH_AES_256_CBC_SHA";
553 case TLS_ECDH_ECDSA_WITH_NULL_SHA
:
554 cipherName
= "TLS_ECDH_ECDSA_WITH_NULL_SHA";
557 case TLS_ECDH_ECDSA_WITH_RC4_128_SHA
:
558 cipherName
= "TLS_ECDH_ECDSA_WITH_RC4_128_SHA";
561 case TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
:
562 cipherName
= "TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA";
565 case TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
:
566 cipherName
= "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA";
569 case TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
:
570 cipherName
= "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA";
573 case TLS_ECDHE_ECDSA_WITH_NULL_SHA
:
574 cipherName
= "TLS_ECDHE_ECDSA_WITH_NULL_SHA";
577 case TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
:
578 cipherName
= "TLS_ECDHE_ECDSA_WITH_RC4_128_SHA";
581 case TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
:
582 cipherName
= "TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA";
585 case TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
:
586 cipherName
= "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA";
589 case TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
:
590 cipherName
= "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA";
593 case TLS_ECDH_RSA_WITH_NULL_SHA
:
594 cipherName
= "TLS_ECDH_RSA_WITH_NULL_SHA";
597 case TLS_ECDH_RSA_WITH_RC4_128_SHA
:
598 cipherName
= "TLS_ECDH_RSA_WITH_RC4_128_SHA";
601 case TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
:
602 cipherName
= "TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA";
605 case TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
:
606 cipherName
= "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA";
609 case TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
:
610 cipherName
= "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA";
613 case TLS_ECDHE_RSA_WITH_NULL_SHA
:
614 cipherName
= "TLS_ECDHE_RSA_WITH_NULL_SHA";
617 case TLS_ECDHE_RSA_WITH_RC4_128_SHA
:
618 cipherName
= "TLS_ECDHE_RSA_WITH_RC4_128_SHA";
621 case TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
:
622 cipherName
= "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA";
625 case TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
:
626 cipherName
= "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA";
629 case TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
:
630 cipherName
= "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA";
633 case TLS_ECDH_anon_WITH_NULL_SHA
:
634 cipherName
= "TLS_ECDH_anon_WITH_NULL_SHA";
637 case TLS_ECDH_anon_WITH_RC4_128_SHA
:
638 cipherName
= "TLS_ECDH_anon_WITH_RC4_128_SHA";
641 case TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA
:
642 cipherName
= "TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA";
645 case TLS_ECDH_anon_WITH_AES_128_CBC_SHA
:
646 cipherName
= "TLS_ECDH_anon_WITH_AES_128_CBC_SHA";
649 case TLS_ECDH_anon_WITH_AES_256_CBC_SHA
:
650 cipherName
= "TLS_ECDH_anon_WITH_AES_256_CBC_SHA";
/*
 * A value with no case above is reported as "UNKNOWN_" plus the suite number
 * in hex, formatted into the bounded local buffer (presumably the default
 * branch of the switch - its label is on an omitted line).
 */
654 snprintf(unknownCipherName
, sizeof(unknownCipherName
), "UNKNOWN_%04X", cipher
);
655 cipherName
= unknownCipherName
;
/*
 * Policy checks on what was negotiated, followed by the one-line verdict.
 *
 * NOTE(review): the RC4 test compares against only the two RSA key-exchange
 * RC4 suites.  The name table earlier in this function also knows
 * TLS_DH_anon_WITH_RC4_128_MD5, TLS_PSK_WITH_RC4_128_SHA,
 * TLS_DHE_PSK_WITH_RC4_128_SHA, TLS_RSA_PSK_WITH_RC4_128_SHA,
 * TLS_ECDH_ECDSA_WITH_RC4_128_SHA, TLS_ECDHE_ECDSA_WITH_RC4_128_SHA,
 * TLS_ECDH_RSA_WITH_RC4_128_SHA, TLS_ECDHE_RSA_WITH_RC4_128_SHA and
 * TLS_ECDH_anon_WITH_RC4_128_SHA; none of those would trip this error.  No
 * comparable rejection of the NULL-encryption or anonymous suites is visible
 * in this listing either.
 */
659 if (cipher
== TLS_RSA_WITH_RC4_128_MD5
||
660 cipher
== TLS_RSA_WITH_RC4_128_SHA
)
662 printf("%s: ERROR (Printers MUST NOT negotiate RC4 cipher suites.)\n", server
);
/*
 * Diffie-Hellman parameters.  A failure to fetch them is reported only when
 * paramsNeeded is set.
 *
 * NOTE(review): the pilcrow-prefixed "ms" and "msLen" arguments below are this
 * listing's mangling of the address-of expressions for params and paramsLen
 * (an HTML entity was decoded where "&para..." appeared).
 */
667 if ((err
= SSLGetDiffieHellmanParams(http
->tls
, ¶ms
, ¶msLen
)) != noErr
&& paramsNeeded
)
669 printf("%s: ERROR (Unable to get Diffie-Hellman parameters - %d)\n", server
, (int)err
);
/*
 * NOTE(review): paramsLen is treated as a byte count (the message prints
 * paramsLen * 8 as bits and paramsLen as bytes), so "< 128" rejects only
 * sizes under 1024 bits, while the message states a 2048-bit minimum, which
 * would be 256 bytes.  Sizes from 1024 up to 2047 bits pass this check.  A
 * length of 0 is also let through, so a suite for which no parameters were
 * returned is not rejected here.  Whether paramsLen is the size of the prime
 * alone or of a larger encoded parameter blob is not visible in this listing -
 * confirm before relying on the reported bit count.
 */
674 if (paramsLen
< 128 && paramsLen
!= 0)
676 printf("%s: ERROR (Diffie-Hellman parameters MUST be at least 2048 bits, but Printer uses only %d bits/%d bytes)\n", server
, (int)paramsLen
* 8, (int)paramsLen
);
681 dhBits
= (int)paramsLen
* 8;
/*
 * End of the Apple-only section (its opening guard is on an omitted line).
 * NOTE(review): what, if anything, performs these checks on other TLS
 * backends is not visible in this listing.
 */
682 #endif /* __APPLE__ */
/*
 * Verdict line, with or without the DH size; the condition choosing between
 * the two forms is on an omitted line (presumably dhBits > 0 - confirm).
 * "OK" reflects only the checks above.
 */
685 printf("%s: OK (TLS: %d.%d, %s, %d DH bits)\n", server
, tlsVersion
/ 10, tlsVersion
% 10, cipherName
, dhBits
);
687 printf("%s: OK (TLS: %d.%d, %s)\n", server
, tlsVersion
/ 10, tlsVersion
% 10, cipherName
);
/*
 * Build an ipps:// printer URI and send a Get-Printer-Attributes request over
 * the connection that was just checked, then print the printer-group
 * attributes that come back.  (Whether this runs only in verbose mode is
 * decided on a line this listing omits.)
 *
 * NOTE(review): the URI is assembled from host, which the visible code fills
 * only in the ipps:// branch via httpSeparateURI().  When the server is given
 * as a bare hostname, no visible line copies it into host - confirm host is
 * initialized on that path.
 */
691 httpAssembleURI(HTTP_URI_CODING_ALL
, uri
, sizeof(uri
), "ipps", NULL
, host
, port
, resource
);
692 request
= ippNewRequest(IPP_OP_GET_PRINTER_ATTRIBUTES
);
693 ippAddString(request
, IPP_TAG_OPERATION
, IPP_TAG_URI
, "printer-uri", NULL
, uri
);
/* The local user name from cupsUser() is sent to the remote printer as "requesting-user-name". */
694 ippAddString(request
, IPP_TAG_OPERATION
, IPP_TAG_NAME
, "requesting-user-name", NULL
, cupsUser());
/* Ask only for the attributes named in pattrs; the count is derived from the array size. */
695 ippAddStrings(request
, IPP_TAG_OPERATION
, IPP_TAG_KEYWORD
, "requested-attributes", (int)(sizeof(pattrs
) / sizeof(pattrs
[0])), NULL
, pattrs
);
697 response
= cupsDoRequest(http
, request
, resource
);
/*
 * Walk the response.  The two tests below select on the attribute's group
 * (IPP_TAG_PRINTER) and on it having a name; the statements they guard are on
 * omitted lines (presumably "continue").
 */
699 for (attr
= ippFirstAttribute(response
); attr
; attr
= ippNextAttribute(response
))
701 if (ippGetGroupTag(attr
) != IPP_TAG_PRINTER
)
704 if ((name
= ippGetName(attr
)) == NULL
)
/*
 * The value is rendered into a 1024-byte buffer bounded by sizeof(value).
 * NOTE(review): names and values come from the remote printer and are printed
 * as ippAttributeString() renders them; treat this output as untrusted when
 * feeding it to other tools.
 */
707 ippAttributeString(attr
, value
, sizeof(value
));
708 printf(" %s=%s\n", name
, value
);
721 * 'usage()' - Show program usage.
/*
 * Body of usage(): print the command-line synopsis and option list to stdout.
 * (The function's signature and braces are on lines this listing omits.)
 *
 * Of the options listed, --dh and --rc4 widen what the client will negotiate
 * (main ORs _HTTP_TLS_ALLOW_DH / _HTTP_TLS_ALLOW_RC4 into the TLS options),
 * while --no-tls10 narrows it (_HTTP_TLS_DENY_TLS10).
 */
727 puts("Usage: ./tlscheck [options] server [port]");
728 puts(" ./tlscheck [options] ipps://server[:port]/path");
731 puts(" --dh Allow DH/DHE key exchange");
732 puts(" --no-tls10 Disable TLS/1.0");
733 puts(" --rc4 Allow RC4 encryption");
734 puts(" --verbose Be verbose");
735 puts(" -4 Connect using IPv4 addresses only");
736 puts(" -6 Connect using IPv6 addresses only");
737 puts(" -v Be verbose");
739 puts("The default port is 631.");
743 #endif /* !HAVE_SSL */