Add support for MinTLS and MaxTLS options (Issue #5119)

[thirdparty/cups.git] / man / cupsd.conf.man.in

diff --git a/man/cupsd.conf.man.in b/man/cupsd.conf.man.in
index 28eed35e134aa10f3cb64863d96eba3b53d20b08..1c2199949a05fbb8c0156b6728d99f7edef1f392 100644 (file)
--- a/man/cupsd.conf.man.in
+++ b/man/cupsd.conf.man.in
@@ -451,10 +451,11 @@ Set the specified environment variable to be passed to child processes.
 Listens on the specified address and port for encrypted connections.
 .\"#SSLOptions
 .TP 5
-\fBSSLOptions \fR[\fIAllowDH\fR] [\fIAllowRC4\fR] [\fIAllowSSL3\fR] [\fIDenyCBC\fR] [\fIDenyTLS1.0\fR]
+.TP 5
+\fBSSLOptions \fR[\fIAllowDH\fR] [\fIAllowRC4\fR] [\fIAllowSSL3\fR] [\fIDenyCBC\fR] [\fIDenyTLS1.0\fR] [\fIMaxTLS1.0\fR] [\fIMaxTLS1.1\fR] [\fIMaxTLS1.2\fR] [\fIMaxTLS1.3\fR] [\fIMinTLS1.0\fR] [\fIMinTLS1.1\fR] [\fIMinTLS1.2\fR] [\fIMinTLS1.3\fR]
 .TP 5
 \fBSSLOptions None\fR
-Sets encryption options.
+Sets encryption options (only in /etc/cups/client.conf).
 By default, CUPS only supports encryption using TLS v1.0 or higher using known secure cipher suites.
 Security is reduced when \fIAllow\fR options are used.
 Security is enhanced when \fIDeny\fR options are used.
@@ -463,6 +464,9 @@ The \fIAllowRC4\fR option enables the 128-bit RC4 cipher suites, which are requi
 The \fIAllowSSL3\fR option enables SSL v3.0, which is required for some older clients that do not support TLS v1.0.
 The \fIDenyCBC\fR option disables all CBC cipher suites.
 The \fIDenyTLS1.0\fR option disables TLS v1.0 support - this sets the minimum protocol version to TLS v1.1.
+The \fMinTLS\fR options set the minimum TLS version to support.
+The \fMaxTLS\fR options set the maximum TLS version to support.
+Not all operating systems support TLS 1.3 at this time.
 .\"#SSLPort
 .TP 5
 \fBSSLPort \fIport\fR