/*
 * TLS check program for CUPS.
 *
 * Copyright 2007-2017 by Apple Inc.
 * Copyright 1997-2006 by Easy Software Products.
 *
 * These coded instructions, statements, and computer programs are the
 * property of Apple Inc. and are protected by Federal copyright
 * law. Distribution and use rights are outlined in the file "LICENSE.txt"
 * which should have been included with this file. If this file is
 * missing or damaged, see the license at "http://www.cups.org/".
 *
 * This file is subject to the Apple OS-Developed Software exception.
 */
17 * Include necessary headers...
20 #include "cups-private.h"
/*
 * 'main()' - Fallback entry point that only reports missing TLS support.
 *
 * Prints a one-line notice and exits with status 1.  Presumably compiled
 * only when HAVE_SSL is undefined (the guard itself is not shown in this
 * listing) - confirm against the full file.
 */

int					/* O - Exit status, always 1 */
main(void)
{
  puts("Sorry, no TLS support compiled in.");

  return (1);
}
31 static void usage(void);
35 * 'main()' - Main entry.
38 int /* O - Exit status */
39 main(int argc
, /* I - Number of command-line arguments */
40 char *argv
[]) /* I - Command-line arguments */
42 int i
; /* Looping var */
43 http_t
*http
; /* HTTP connection */
44 const char *server
= NULL
; /* Hostname from command-line */
45 int port
= 0; /* Port number */
46 const char *cipherName
= "UNKNOWN";/* Cipher suite name */
47 int dhBits
= 0; /* Diffie-Hellman bits */
48 int tlsVersion
= 0; /* TLS version number */
49 char uri
[1024], /* Printer URI */
50 scheme
[32], /* URI scheme */
51 host
[256], /* Hostname */
52 userpass
[256], /* Username/password */
53 resource
[256]; /* Resource path */
54 int af
= AF_UNSPEC
, /* Address family */
55 tls_options
= _HTTP_TLS_NONE
,
57 tls_min_version
= _HTTP_TLS_1_0
,
58 tls_max_version
= _HTTP_TLS_MAX
,
59 verbose
= 0; /* Verbosity */
60 ipp_t
*request
, /* IPP Get-Printer-Attributes request */
61 *response
; /* IPP Get-Printer-Attributes response */
62 ipp_attribute_t
*attr
; /* Current attribute */
63 const char *name
; /* Attribute name */
64 char value
[1024]; /* Attribute (string) value */
65 static const char * const pattrs
[] = /* Requested attributes */
68 "compression-supported",
69 "document-format-supported",
72 "printer-make-and-model",
74 "printer-state-reasons",
76 "uri-authentication-supported",
77 "uri-security-supported"
81 for (i
= 1; i
< argc
; i
++)
83 if (!strcmp(argv
[i
], "--dh"))
85 tls_options
|= _HTTP_TLS_ALLOW_DH
;
87 else if (!strcmp(argv
[i
], "--no-cbc"))
89 tls_options
|= _HTTP_TLS_DENY_CBC
;
91 else if (!strcmp(argv
[i
], "--no-tls10"))
93 tls_min_version
= _HTTP_TLS_1_1
;
95 else if (!strcmp(argv
[i
], "--tls10"))
97 tls_min_version
= _HTTP_TLS_1_0
;
98 tls_max_version
= _HTTP_TLS_1_0
;
100 else if (!strcmp(argv
[i
], "--rc4"))
102 tls_options
|= _HTTP_TLS_ALLOW_RC4
;
104 else if (!strcmp(argv
[i
], "--verbose") || !strcmp(argv
[i
], "-v"))
108 else if (!strcmp(argv
[i
], "-4"))
112 else if (!strcmp(argv
[i
], "-6"))
116 else if (argv
[i
][0] == '-')
118 printf("tlscheck: Unknown option '%s'.\n", argv
[i
]);
123 if (!strncmp(argv
[i
], "ipps://", 7))
125 httpSeparateURI(HTTP_URI_CODING_ALL
, argv
[i
], scheme
, sizeof(scheme
), userpass
, sizeof(userpass
), host
, sizeof(host
), &port
, resource
, sizeof(resource
));
131 strlcpy(resource
, "/ipp/print", sizeof(resource
));
134 else if (!port
&& (argv
[i
][0] == '=' || isdigit(argv
[i
][0] & 255)))
136 if (argv
[i
][0] == '=')
137 port
= atoi(argv
[i
] + 1);
139 port
= atoi(argv
[i
]);
143 printf("tlscheck: Unexpected argument '%s'.\n", argv
[i
]);
154 _httpTLSSetOptions(tls_options
, tls_min_version
, tls_max_version
);
156 http
= httpConnect2(server
, port
, NULL
, af
, HTTP_ENCRYPTION_ALWAYS
, 1, 30000, NULL
);
159 printf("%s: ERROR (%s)\n", server
, cupsLastErrorString());
164 SSLProtocol protocol
;
165 SSLCipherSuite cipher
;
166 char unknownCipherName
[256];
167 int paramsNeeded
= 0;
172 if ((err
= SSLGetNegotiatedProtocolVersion(http
->tls
, &protocol
)) != noErr
)
174 printf("%s: ERROR (No protocol version - %d)\n", server
, (int)err
);
190 case kTLSProtocol11
:
193 case kTLSProtocol12
:
198 if ((err
= SSLGetNegotiatedCipher(http
->tls
, &cipher
)) != noErr
)
200 printf("%s: ERROR (No cipher suite - %d)\n", server
, (int)err
);
207 case TLS_NULL_WITH_NULL_NULL
:
208 cipherName
= "TLS_NULL_WITH_NULL_NULL";
210 case TLS_RSA_WITH_NULL_MD5
:
211 cipherName
= "TLS_RSA_WITH_NULL_MD5";
213 case TLS_RSA_WITH_NULL_SHA
:
214 cipherName
= "TLS_RSA_WITH_NULL_SHA";
216 case TLS_RSA_WITH_RC4_128_MD5
:
217 cipherName
= "TLS_RSA_WITH_RC4_128_MD5";
219 case TLS_RSA_WITH_RC4_128_SHA
:
220 cipherName
= "TLS_RSA_WITH_RC4_128_SHA";
222 case TLS_RSA_WITH_3DES_EDE_CBC_SHA
:
223 cipherName
= "TLS_RSA_WITH_3DES_EDE_CBC_SHA";
225 case TLS_RSA_WITH_NULL_SHA256
:
226 cipherName
= "TLS_RSA_WITH_NULL_SHA256";
228 case TLS_RSA_WITH_AES_128_CBC_SHA256
:
229 cipherName
= "TLS_RSA_WITH_AES_128_CBC_SHA256";
231 case TLS_RSA_WITH_AES_256_CBC_SHA256
:
232 cipherName
= "TLS_RSA_WITH_AES_256_CBC_SHA256";
234 case TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA
:
235 cipherName
= "TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA";
238 case TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA
:
239 cipherName
= "TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA";
242 case TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA
:
243 cipherName
= "TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA";
246 case TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
:
247 cipherName
= "TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA";
250 case TLS_DH_DSS_WITH_AES_128_CBC_SHA256
:
251 cipherName
= "TLS_DH_DSS_WITH_AES_128_CBC_SHA256";
254 case TLS_DH_RSA_WITH_AES_128_CBC_SHA256
:
255 cipherName
= "TLS_DH_RSA_WITH_AES_128_CBC_SHA256";
258 case TLS_DHE_DSS_WITH_AES_128_CBC_SHA256
:
259 cipherName
= "TLS_DHE_DSS_WITH_AES_128_CBC_SHA256";
262 case TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
:
263 cipherName
= "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256";
266 case TLS_DH_DSS_WITH_AES_256_CBC_SHA256
:
267 cipherName
= "TLS_DH_DSS_WITH_AES_256_CBC_SHA256";
270 case TLS_DH_RSA_WITH_AES_256_CBC_SHA256
:
271 cipherName
= "TLS_DH_RSA_WITH_AES_256_CBC_SHA256";
274 case TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
:
275 cipherName
= "TLS_DHE_DSS_WITH_AES_256_CBC_SHA256";
278 case TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
:
279 cipherName
= "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256";
282 case TLS_DH_anon_WITH_RC4_128_MD5
:
283 cipherName
= "TLS_DH_anon_WITH_RC4_128_MD5";
286 case TLS_DH_anon_WITH_3DES_EDE_CBC_SHA
:
287 cipherName
= "TLS_DH_anon_WITH_3DES_EDE_CBC_SHA";
290 case TLS_DH_anon_WITH_AES_128_CBC_SHA256
:
291 cipherName
= "TLS_DH_anon_WITH_AES_128_CBC_SHA256";
294 case TLS_DH_anon_WITH_AES_256_CBC_SHA256
:
295 cipherName
= "TLS_DH_anon_WITH_AES_256_CBC_SHA256";
298 case TLS_PSK_WITH_RC4_128_SHA
:
299 cipherName
= "TLS_PSK_WITH_RC4_128_SHA";
301 case TLS_PSK_WITH_3DES_EDE_CBC_SHA
:
302 cipherName
= "TLS_PSK_WITH_3DES_EDE_CBC_SHA";
304 case TLS_PSK_WITH_AES_128_CBC_SHA
:
305 cipherName
= "TLS_PSK_WITH_AES_128_CBC_SHA";
307 case TLS_PSK_WITH_AES_256_CBC_SHA
:
308 cipherName
= "TLS_PSK_WITH_AES_256_CBC_SHA";
310 case TLS_DHE_PSK_WITH_RC4_128_SHA
:
311 cipherName
= "TLS_DHE_PSK_WITH_RC4_128_SHA";
314 case TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA
:
315 cipherName
= "TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA";
318 case TLS_DHE_PSK_WITH_AES_128_CBC_SHA
:
319 cipherName
= "TLS_DHE_PSK_WITH_AES_128_CBC_SHA";
322 case TLS_DHE_PSK_WITH_AES_256_CBC_SHA
:
323 cipherName
= "TLS_DHE_PSK_WITH_AES_256_CBC_SHA";
326 case TLS_RSA_PSK_WITH_RC4_128_SHA
:
327 cipherName
= "TLS_RSA_PSK_WITH_RC4_128_SHA";
329 case TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA
:
330 cipherName
= "TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA";
332 case TLS_RSA_PSK_WITH_AES_128_CBC_SHA
:
333 cipherName
= "TLS_RSA_PSK_WITH_AES_128_CBC_SHA";
335 case TLS_RSA_PSK_WITH_AES_256_CBC_SHA
:
336 cipherName
= "TLS_RSA_PSK_WITH_AES_256_CBC_SHA";
338 case TLS_PSK_WITH_NULL_SHA
:
339 cipherName
= "TLS_PSK_WITH_NULL_SHA";
341 case TLS_DHE_PSK_WITH_NULL_SHA
:
342 cipherName
= "TLS_DHE_PSK_WITH_NULL_SHA";
345 case TLS_RSA_PSK_WITH_NULL_SHA
:
346 cipherName
= "TLS_RSA_PSK_WITH_NULL_SHA";
348 case TLS_RSA_WITH_AES_128_GCM_SHA256
:
349 cipherName
= "TLS_RSA_WITH_AES_128_GCM_SHA256";
351 case TLS_RSA_WITH_AES_256_GCM_SHA384
:
352 cipherName
= "TLS_RSA_WITH_AES_256_GCM_SHA384";
354 case TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
:
355 cipherName
= "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256";
358 case TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
:
359 cipherName
= "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384";
362 case TLS_DH_RSA_WITH_AES_128_GCM_SHA256
:
363 cipherName
= "TLS_DH_RSA_WITH_AES_128_GCM_SHA256";
366 case TLS_DH_RSA_WITH_AES_256_GCM_SHA384
:
367 cipherName
= "TLS_DH_RSA_WITH_AES_256_GCM_SHA384";
370 case TLS_DHE_DSS_WITH_AES_128_GCM_SHA256
:
371 cipherName
= "TLS_DHE_DSS_WITH_AES_128_GCM_SHA256";
374 case TLS_DHE_DSS_WITH_AES_256_GCM_SHA384
:
375 cipherName
= "TLS_DHE_DSS_WITH_AES_256_GCM_SHA384";
378 case TLS_DH_DSS_WITH_AES_128_GCM_SHA256
:
379 cipherName
= "TLS_DH_DSS_WITH_AES_128_GCM_SHA256";
382 case TLS_DH_DSS_WITH_AES_256_GCM_SHA384
:
383 cipherName
= "TLS_DH_DSS_WITH_AES_256_GCM_SHA384";
386 case TLS_DH_anon_WITH_AES_128_GCM_SHA256
:
387 cipherName
= "TLS_DH_anon_WITH_AES_128_GCM_SHA256";
390 case TLS_DH_anon_WITH_AES_256_GCM_SHA384
:
391 cipherName
= "TLS_DH_anon_WITH_AES_256_GCM_SHA384";
394 case TLS_PSK_WITH_AES_128_GCM_SHA256
:
395 cipherName
= "TLS_PSK_WITH_AES_128_GCM_SHA256";
397 case TLS_PSK_WITH_AES_256_GCM_SHA384
:
398 cipherName
= "TLS_PSK_WITH_AES_256_GCM_SHA384";
400 case TLS_DHE_PSK_WITH_AES_128_GCM_SHA256
:
401 cipherName
= "TLS_DHE_PSK_WITH_AES_128_GCM_SHA256";
404 case TLS_DHE_PSK_WITH_AES_256_GCM_SHA384
:
405 cipherName
= "TLS_DHE_PSK_WITH_AES_256_GCM_SHA384";
408 case TLS_RSA_PSK_WITH_AES_128_GCM_SHA256
:
409 cipherName
= "TLS_RSA_PSK_WITH_AES_128_GCM_SHA256";
411 case TLS_RSA_PSK_WITH_AES_256_GCM_SHA384
:
412 cipherName
= "TLS_RSA_PSK_WITH_AES_256_GCM_SHA384";
414 case TLS_PSK_WITH_AES_128_CBC_SHA256
:
415 cipherName
= "TLS_PSK_WITH_AES_128_CBC_SHA256";
417 case TLS_PSK_WITH_AES_256_CBC_SHA384
:
418 cipherName
= "TLS_PSK_WITH_AES_256_CBC_SHA384";
420 case TLS_PSK_WITH_NULL_SHA256
:
421 cipherName
= "TLS_PSK_WITH_NULL_SHA256";
423 case TLS_PSK_WITH_NULL_SHA384
:
424 cipherName
= "TLS_PSK_WITH_NULL_SHA384";
426 case TLS_DHE_PSK_WITH_AES_128_CBC_SHA256
:
427 cipherName
= "TLS_DHE_PSK_WITH_AES_128_CBC_SHA256";
430 case TLS_DHE_PSK_WITH_AES_256_CBC_SHA384
:
431 cipherName
= "TLS_DHE_PSK_WITH_AES_256_CBC_SHA384";
434 case TLS_DHE_PSK_WITH_NULL_SHA256
:
435 cipherName
= "TLS_DHE_PSK_WITH_NULL_SHA256";
438 case TLS_DHE_PSK_WITH_NULL_SHA384
:
439 cipherName
= "TLS_DHE_PSK_WITH_NULL_SHA384";
442 case TLS_RSA_PSK_WITH_AES_128_CBC_SHA256
:
443 cipherName
= "TLS_RSA_PSK_WITH_AES_128_CBC_SHA256";
445 case TLS_RSA_PSK_WITH_AES_256_CBC_SHA384
:
446 cipherName
= "TLS_RSA_PSK_WITH_AES_256_CBC_SHA384";
448 case TLS_RSA_PSK_WITH_NULL_SHA256
:
449 cipherName
= "TLS_RSA_PSK_WITH_NULL_SHA256";
451 case TLS_RSA_PSK_WITH_NULL_SHA384
:
452 cipherName
= "TLS_RSA_PSK_WITH_NULL_SHA384";
454 case TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
:
455 cipherName
= "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256";
458 case TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
:
459 cipherName
= "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384";
462 case TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
:
463 cipherName
= "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256";
466 case TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
:
467 cipherName
= "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384";
470 case TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
:
471 cipherName
= "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256";
474 case TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
:
475 cipherName
= "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384";
478 case TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
:
479 cipherName
= "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256";
482 case TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
:
483 cipherName
= "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384";
486 case TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
:
487 cipherName
= "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256";
490 case TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
:
491 cipherName
= "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384";
494 case TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256
:
495 cipherName
= "TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256";
498 case TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384
:
499 cipherName
= "TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384";
502 case TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
:
503 cipherName
= "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256";
506 case TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
:
507 cipherName
= "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384";
510 case TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256
:
511 cipherName
= "TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256";
514 case TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384
:
515 cipherName
= "TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384";
518 case TLS_RSA_WITH_AES_128_CBC_SHA
:
519 cipherName
= "TLS_RSA_WITH_AES_128_CBC_SHA";
521 case TLS_DH_DSS_WITH_AES_128_CBC_SHA
:
522 cipherName
= "TLS_DH_DSS_WITH_AES_128_CBC_SHA";
525 case TLS_DH_RSA_WITH_AES_128_CBC_SHA
:
526 cipherName
= "TLS_DH_RSA_WITH_AES_128_CBC_SHA";
529 case TLS_DHE_DSS_WITH_AES_128_CBC_SHA
:
530 cipherName
= "TLS_DHE_DSS_WITH_AES_128_CBC_SHA";
533 case TLS_DHE_RSA_WITH_AES_128_CBC_SHA
:
534 cipherName
= "TLS_DHE_RSA_WITH_AES_128_CBC_SHA";
537 case TLS_DH_anon_WITH_AES_128_CBC_SHA
:
538 cipherName
= "TLS_DH_anon_WITH_AES_128_CBC_SHA";
541 case TLS_RSA_WITH_AES_256_CBC_SHA
:
542 cipherName
= "TLS_RSA_WITH_AES_256_CBC_SHA";
544 case TLS_DH_DSS_WITH_AES_256_CBC_SHA
:
545 cipherName
= "TLS_DH_DSS_WITH_AES_256_CBC_SHA";
548 case TLS_DH_RSA_WITH_AES_256_CBC_SHA
:
549 cipherName
= "TLS_DH_RSA_WITH_AES_256_CBC_SHA";
552 case TLS_DHE_DSS_WITH_AES_256_CBC_SHA
:
553 cipherName
= "TLS_DHE_DSS_WITH_AES_256_CBC_SHA";
556 case TLS_DHE_RSA_WITH_AES_256_CBC_SHA
:
557 cipherName
= "TLS_DHE_RSA_WITH_AES_256_CBC_SHA";
560 case TLS_DH_anon_WITH_AES_256_CBC_SHA
:
561 cipherName
= "TLS_DH_anon_WITH_AES_256_CBC_SHA";
564 case TLS_ECDH_ECDSA_WITH_NULL_SHA
:
565 cipherName
= "TLS_ECDH_ECDSA_WITH_NULL_SHA";
568 case TLS_ECDH_ECDSA_WITH_RC4_128_SHA
:
569 cipherName
= "TLS_ECDH_ECDSA_WITH_RC4_128_SHA";
572 case TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
:
573 cipherName
= "TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA";
576 case TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
:
577 cipherName
= "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA";
580 case TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
:
581 cipherName
= "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA";
584 case TLS_ECDHE_ECDSA_WITH_NULL_SHA
:
585 cipherName
= "TLS_ECDHE_ECDSA_WITH_NULL_SHA";
588 case TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
:
589 cipherName
= "TLS_ECDHE_ECDSA_WITH_RC4_128_SHA";
592 case TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
:
593 cipherName
= "TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA";
596 case TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
:
597 cipherName
= "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA";
600 case TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
:
601 cipherName
= "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA";
604 case TLS_ECDH_RSA_WITH_NULL_SHA
:
605 cipherName
= "TLS_ECDH_RSA_WITH_NULL_SHA";
608 case TLS_ECDH_RSA_WITH_RC4_128_SHA
:
609 cipherName
= "TLS_ECDH_RSA_WITH_RC4_128_SHA";
612 case TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
:
613 cipherName
= "TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA";
616 case TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
:
617 cipherName
= "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA";
620 case TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
:
621 cipherName
= "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA";
624 case TLS_ECDHE_RSA_WITH_NULL_SHA
:
625 cipherName
= "TLS_ECDHE_RSA_WITH_NULL_SHA";
628 case TLS_ECDHE_RSA_WITH_RC4_128_SHA
:
629 cipherName
= "TLS_ECDHE_RSA_WITH_RC4_128_SHA";
632 case TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
:
633 cipherName
= "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA";
636 case TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
:
637 cipherName
= "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA";
640 case TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
:
641 cipherName
= "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA";
644 case TLS_ECDH_anon_WITH_NULL_SHA
:
645 cipherName
= "TLS_ECDH_anon_WITH_NULL_SHA";
648 case TLS_ECDH_anon_WITH_RC4_128_SHA
:
649 cipherName
= "TLS_ECDH_anon_WITH_RC4_128_SHA";
652 case TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA
:
653 cipherName
= "TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA";
656 case TLS_ECDH_anon_WITH_AES_128_CBC_SHA
:
657 cipherName
= "TLS_ECDH_anon_WITH_AES_128_CBC_SHA";
660 case TLS_ECDH_anon_WITH_AES_256_CBC_SHA
:
661 cipherName
= "TLS_ECDH_anon_WITH_AES_256_CBC_SHA";
665 snprintf(unknownCipherName
, sizeof(unknownCipherName
), "UNKNOWN_%04X", cipher
);
666 cipherName
= unknownCipherName
;
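/*
 * Reject any negotiated RC4 cipher suite.
 *
 * Comparing only against the two TLS_RSA_WITH_RC4_128_* values lets every
 * other RC4 suite this program can name (DH_anon, PSK, DHE_PSK, RSA_PSK,
 * ECDH/ECDHE with ECDSA or RSA, and ECDH_anon) reach the "OK" report, which
 * contradicts the error text below.  The switch above stores the suite's
 * name in cipherName, so also match on the "_RC4_" component of that name.
 *
 * NOTE(review): in the lines shown, the NULL-encryption and anonymous
 * (DH_anon/ECDH_anon) suites named by the switch are not rejected either -
 * confirm whether the printer requirements this tool checks permit them.
 */
if (cipher == TLS_RSA_WITH_RC4_128_MD5 ||
    cipher == TLS_RSA_WITH_RC4_128_SHA ||
    strstr(cipherName, "_RC4_") != NULL)
{
  printf("%s: ERROR (Printers MUST NOT negotiate RC4 cipher suites.)\n", server);
  /* Listing lines 674-675 (the rest of this error path) are not shown on this page. */
}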
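/*
 * Check the Diffie-Hellman parameter size reported for this connection and
 * record it in dhBits for the summary line.
 *
 * NOTE(review): confirm that SSLGetDiffieHellmanParams() describes the group
 * the printer actually used in this handshake, and that paramsLen is the
 * size of the prime rather than of an encoded parameter block; otherwise the
 * bit count computed here does not measure what the messages claim.
 */
err = SSLGetDiffieHellmanParams(http->tls, &params, &paramsLen);
if (err != noErr)
{
  if (paramsNeeded)
  {
    printf("%s: ERROR (Unable to get Diffie-Hellman parameters - %d)\n", server, (int)err);
    /* Listing lines 681-682 (the rest of this error path) are not shown on this page. */
  }

  /*
   * A failed call is tolerated when the negotiated suite does not need DH
   * parameters; never size-check an output value left behind by that call.
   */
  paramsLen = 0;
}

/*
 * paramsLen is treated as a byte count (the message prints it as "%d bytes"
 * and multiplies it by 8 for bits), so the 2048-bit minimum stated in the
 * message is 256 bytes.  A limit of 128 bytes would only reject parameters
 * below 1024 bits and report 1024-bit groups as OK.  A length of 0 means no
 * parameters were reported and is not treated as an error here.
 */
if (paramsLen != 0 && paramsLen < 2048 / 8)
{
  printf("%s: ERROR (Diffie-Hellman parameters MUST be at least 2048 bits, but Printer uses only %d bits/%d bytes)\n", server, (int)paramsLen * 8, (int)paramsLen);
  /* Listing lines 688-689 (the rest of this error path) are not shown on this page. */
}

dhBits = (int)paramsLen * 8;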
693 #endif /* __APPLE__ */
696 printf("%s: OK (TLS: %d.%d, %s, %d DH bits)\n", server
, tlsVersion
/ 10, tlsVersion
% 10, cipherName
, dhBits
);
698 printf("%s: OK (TLS: %d.%d, %s)\n", server
, tlsVersion
/ 10, tlsVersion
% 10, cipherName
);
702 httpAssembleURI(HTTP_URI_CODING_ALL
, uri
, sizeof(uri
), "ipps", NULL
, host
, port
, resource
);
703 request
= ippNewRequest(IPP_OP_GET_PRINTER_ATTRIBUTES
);
704 ippAddString(request
, IPP_TAG_OPERATION
, IPP_TAG_URI
, "printer-uri", NULL
, uri
);
705 ippAddString(request
, IPP_TAG_OPERATION
, IPP_TAG_NAME
, "requesting-user-name", NULL
, cupsUser());
706 ippAddStrings(request
, IPP_TAG_OPERATION
, IPP_TAG_KEYWORD
, "requested-attributes", (int)(sizeof(pattrs
) / sizeof(pattrs
[0])), NULL
, pattrs
);
708 response
= cupsDoRequest(http
, request
, resource
);
710 for (attr
= ippFirstAttribute(response
); attr
; attr
= ippNextAttribute(response
))
712 if (ippGetGroupTag(attr
) != IPP_TAG_PRINTER
)
715 if ((name
= ippGetName(attr
)) == NULL
)
718 ippAttributeString(attr
, value
, sizeof(value
));
719 printf(" %s=%s\n", name
, value
);
732 * 'usage()' - Show program usage.
738 puts("Usage: ./tlscheck [options] server [port]");
739 puts(" ./tlscheck [options] ipps://server[:port]/path");
742 puts(" --dh Allow DH/DHE key exchange");
743 puts(" --no-cbc Disable CBC cipher suites");
744 puts(" --no-tls10 Disable TLS/1.0");
745 puts(" --rc4 Allow RC4 encryption");
746 puts(" --tls10 Only use TLS/1.0");
747 puts(" --verbose Be verbose");
748 puts(" -4 Connect using IPv4 addresses only");
749 puts(" -6 Connect using IPv6 addresses only");
750 puts(" -v Be verbose");
752 puts("The default port is 631.");
756 #endif /* !HAVE_SSL */