.\"
-.\" "$Id$"
+.\" client.conf man page for CUPS.
.\"
-.\" client.conf man page for the Common UNIX Printing System (CUPS).
+.\" Copyright 2007-2017 by Apple Inc.
+.\" Copyright 2006 by Easy Software Products.
.\"
-.\" Copyright 2006 by Easy Software Products.
+.\" Licensed under Apache License v2.0. See the file "LICENSE" for more information.
.\"
-.\" These coded instructions, statements, and computer programs are the
-.\" property of Easy Software Products and are protected by Federal
-.\" copyright law. Distribution and use rights are outlined in the file
-.\" "LICENSE.txt" which should have been included with this file. If this
-.\" file is missing or damaged please contact Easy Software Products
-.\" at:
-.\"
-.\" Attn: CUPS Licensing Information
-.\" Easy Software Products
-.\" 44141 Airport View Drive, Suite 204
-.\" Hollywood, Maryland 20636 USA
-.\"
-.\" Voice: (301) 373-9600
-.\" EMail: cups-info@cups.org
-.\" WWW: http://www.cups.org
-.\"
-.TH client.conf 5 "Common UNIX Printing System" "25 February 2006" "Easy Software Products"
+.TH client.conf 5 "CUPS" "3 November 2017" "Apple Inc."
.SH NAME
client.conf \- client configuration file for cups
.SH DESCRIPTION
-The \fIclient.conf\fR file configures the CUPS client and is
-normally located in the \fI@CUPS_SERVERROOT@\fR or \fI~/.cups\fR
-directory. Each line in the file can be a configuration
-directive, a blank line, or a comment. Comment lines start with
-the # character.
-.SH DIRECTIVES
-The following directives are understood by the client. Consult the
-on-line help for detailed descriptions:
-.TP 5
-Encryption IfRequested
-.TP 5
-Encryption Never
-.TP 5
-Encryption Required
-.br
-Specifies the level of encryption that is required for a particular
-location.
-.TP 5
-ServerName hostname-or-ip-address[:port]
-.TP 5
-ServerName /domain/socket
-.br
-Specifies the address and optionally the port to use when
-connecting to the server
+The \fBclient.conf\fR file configures the CUPS client and is normally located in the \fI/etc/cups\fR and/or \fI~/.cups\fR directories.
+Each line in the file can be a configuration directive, a blank line, or a comment. Comment lines start with the # character.
+.LP
+\fBNote:\fR Starting with macOS 10.7, this file is only used by command-line and X11 applications plus the IPP backend.
+The \fBServerName\fR directive is not supported on macOS at all.
+Starting with macOS 10.12, all applications can access these settings in the \fI/Library/Preferences/org.cups.PrintingPrefs.plist\fR file instead.
+See the NOTES section below for more information.
+.SS DIRECTIVES
+The following directives are understood by the client. Consult the online help for detailed descriptions:
+.TP 5
+\fBAllowAnyRoot Yes\fR
+.TP 5
+\fBAllowAnyRoot No\fR
+Specifies whether to allow TLS with certificates that have not been signed by a trusted Certificate Authority.
+The default is "Yes".
+.TP 5
+\fBAllowExpiredCerts Yes\fR
+.TP 5
+\fBAllowExpiredCerts No\fR
+Specifies whether to allow TLS with expired certificates.
+The default is "No".
+.TP 5
+\fBEncryption IfRequested\fR
+.TP 5
+\fBEncryption Never\fR
+.TP 5
+\fBEncryption Required\fR
+Specifies the level of encryption that should be used.
+.TP 5
+\fBGSSServiceName \fIname\fR
+Specifies the Kerberos service name that is used for authentication, typically "host", "http", or "ipp".
+CUPS adds the remote hostname ("name@server.example.com") for you. The default name is "http".
+.TP 5
+\fBServerName \fIhostname-or-ip-address\fR[\fI:port\fR]
+.TP 5
+\fBServerName \fI/domain/socket\fR
+Specifies the address and optionally the port to use when connecting to the server.
+\fBNote: This directive is not supported on macOS 10.7 or later.\fR
+.TP 5
+\fBServerName \fIhostname-or-ip-address\fR[\fI:port\fR]\fB/version=1.1\fR
+Specifies the address and optionally the port to use when connecting to a server running CUPS 1.3.12 and earlier.
+.TP 5
+\fBSSLOptions \fR[\fIAllowDH\fR] [\fIAllowRC4\fR] [\fIAllowSSL3\fR] [\fIDenyCBC\fR] [\fIDenyTLS1.0\fR] [\fIMaxTLS1.0\fR] [\fIMaxTLS1.1\fR] [\fIMaxTLS1.2\fR] [\fIMaxTLS1.3\fR] [\fIMinTLS1.0\fR] [\fIMinTLS1.1\fR] [\fIMinTLS1.2\fR] [\fIMinTLS1.3\fR]
+.TP 5
+\fBSSLOptions None\fR
+Sets encryption options (only in /etc/cups/client.conf).
+By default, CUPS only supports encryption using TLS v1.0 or higher using known secure cipher suites.
+Security is reduced when \fIAllow\fR options are used.
+Security is enhanced when \fIDeny\fR options are used.
+The \fIAllowDH\fR option enables cipher suites using plain Diffie-Hellman key negotiation (not supported on systems using GNU TLS).
+The \fIAllowRC4\fR option enables the 128-bit RC4 cipher suites, which are required for some older clients.
+The \fIAllowSSL3\fR option enables SSL v3.0, which is required for some older clients that do not support TLS v1.0.
+The \fIDenyCBC\fR option disables all CBC cipher suites.
+The \fIDenyTLS1.0\fR option disables TLS v1.0 support - this sets the minimum protocol version to TLS v1.1.
+The \fIMinTLS\fR options set the minimum TLS version to support.
+The \fIMaxTLS\fR options set the maximum TLS version to support.
+Not all operating systems support TLS 1.3 at this time.
+.TP 5
+\fBTrustOnFirstUse Yes\fR
+.TP 5
+\fBTrustOnFirstUse No\fR
+Specifies whether to trust new TLS certificates by default.
+The default is "Yes".
+.TP 5
+\fBUser \fIname\fR
+Specifies the default user name to use for requests.
+.TP 5
+\fBValidateCerts Yes\fR
+.TP 5
+\fBValidateCerts No\fR
+Specifies whether to only allow TLS with certificates whose common name matches the hostname.
+The default is "No".
+.SH NOTES
+The \fBclient.conf\fR file is deprecated on macOS and will no longer be supported in a future version of CUPS.
+Configuration settings can instead be viewed or changed using the
+.BR defaults (1)
+command:
+.nf
+defaults write /Library/Preferences/org.cups.PrintingPrefs.plist Encryption Required
+defaults write /Library/Preferences/org.cups.PrintingPrefs.plist TrustOnFirstUse -bool NO
+
+defaults read /Library/Preferences/org.cups.PrintingPrefs.plist Encryption
+.fi
+On Linux and other systems using GNU TLS, the \fI/etc/cups/ssl/site.crl\fR file, if present, provides a list of revoked X.509 certificates and is used when validating certificates.
.SH SEE ALSO
-http://localhost:631/help
+.BR cups (1),
+.BR default (1),
+CUPS Online Help (http://localhost:631/help)
.SH COPYRIGHT
-Copyright 2006 by Easy Software Products, All Rights Reserved.
-.\"
-.\" End of "$Id$".
-.\"
+Copyright \[co] 2007-2017 by Apple Inc.
projects / thirdparty / cups.git / blobdiff