<b>Note: This directive is not supported on macOS 10.7 or later.</b>
<dt><b>ServerName </b><i>hostname-or-ip-address</i>[<i>:port</i>]<b>/version=1.1</b>
<dd style="margin-left: 5.0em">Specifies the address and optionally the port to use when connecting to a server running CUPS 1.3.12 and earlier.
-<dt><b>SSLOptions </b>[<i>AllowDH</i>] [<i>AllowRC4</i>] [<i>AllowSSL3</i>] [<i>DenyCBC</i>] [<i>DenyTLS1.0</i>]
+<dt><b>SSLOptions </b>[<i>AllowDH</i>] [<i>AllowRC4</i>] [<i>AllowSSL3</i>] [<i>DenyCBC</i>] [<i>DenyTLS1.0</i>] [<i>MaxTLS1.0</i>] [<i>MaxTLS1.1</i>] [<i>MaxTLS1.2</i>] [<i>MaxTLS1.3</i>] [<i>MinTLS1.0</i>] [<i>MinTLS1.1</i>] [<i>MinTLS1.2</i>] [<i>MinTLS1.3</i>]
<dd style="margin-left: 5.0em"><dt><b>SSLOptions None</b>
<dd style="margin-left: 5.0em">Sets encryption options (only in /etc/cups/client.conf).
By default, CUPS only supports encryption using TLS v1.0 or higher using known secure cipher suites.
-The <i>AllowDH</i> option enables cipher suites using plain Diffie-Hellman key negotiation.
-The <i>AllowRC4</i> option enables the 128-bit RC4 cipher suites, which are required for some older clients that do not implement newer ones.
+Security is reduced when <i>Allow</i> options are used.
+Security is enhanced when <i>Deny</i> options are used.
+The <i>AllowDH</i> option enables cipher suites using plain Diffie-Hellman key negotiation (not supported on systems using GNU TLS).
+The <i>AllowRC4</i> option enables the 128-bit RC4 cipher suites, which are required for some older clients.
The <i>AllowSSL3</i> option enables SSL v3.0, which is required for some older clients that do not support TLS v1.0.
The <i>DenyCBC</i> option disables all CBC cipher suites.
The <i>DenyTLS1.0</i> option disables TLS v1.0 support - this sets the minimum protocol version to TLS v1.1.
+The <i>MinTLS</i> options set the minimum TLS version to support.
+The <i>MaxTLS</i> options set the maximum TLS version to support.
+Not all operating systems support TLS 1.3 at this time.
<dt><b>TrustOnFirstUse Yes</b>
<dd style="margin-left: 5.0em"><dt><b>TrustOnFirstUse No</b>
<dd style="margin-left: 5.0em">Specifies whether to trust new TLS certificates by default.
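Review bot: The added MinTLS/MaxTLS sentences do not say how these options combine with the existing DenyTLS1.0 and AllowSSL3 options, or what happens when the configured minimum is above the maximum (for example MinTLS1.2 together with MaxTLS1.1). DenyTLS1.0 is already documented as "sets the minimum protocol version to TLS v1.1", so please state which setting wins when both are given. The new "Security is reduced/enhanced" sentences cover only the Allow and Deny options; add a line saying that a MaxTLS option below the newest supported version also lowers security.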
<dt><b>permissions</b>
<dd style="margin-left: 5.0em">Bad startup file permissions are fatal, for example shared TLS certificate and key files with world-read permissions.
</div>
-<dt><a name="FileDevice"></a><b>FileDevice Yes</b>
-<dd style="margin-left: 5.0em"><dt><b>FileDevice No</b>
-<dd style="margin-left: 5.0em">Specifies whether the file pseudo-device can be used for new printer queues.
-The URI "file:///dev/null" is always allowed.
<dt><a name="Group"></a><b>Group </b><i>group-name-or-number</i>
<dd style="margin-left: 5.0em">Specifies the group name or ID that will be used when executing external programs.
The default group is operating system specific but is usually "lp" or "nobody".
<h3><a name="DEPRECATED_DIRECTIVES">Deprecated Directives</a></h3>
The following directives are deprecated and will be removed from a future version of CUPS:
<dl class="man">
+<dt><a name="FileDevice"></a><b>FileDevice Yes</b>
+<dd style="margin-left: 5.0em"><dt><b>FileDevice No</b>
+<dd style="margin-left: 5.0em">Specifies whether the file pseudo-device can be used for new printer queues.
+The URI "file:///dev/null" is always allowed.
+File devices cannot be used with "raw" print queues - a PPD file is required.
+The specified file is overwritten for every print job.
+Writing to directories is not supported.
<dt><a name="FontPath"></a><b>FontPath </b><i>directory[:...:directoryN]</i>
<dd style="margin-left: 5.0em">Specifies a colon separated list of directories where fonts can be found.
On Linux the
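Review bot: The FileDevice entry is moved under "Deprecated Directives" without stating its default value or what administrators should use instead once it is removed. The added sentence "The specified file is overwritten for every print job" should also say under which account the write happens, since that decides which files a queue with a file: URI can clobber.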
<p>The <i>message</i> field contains a free-form textual message.
Messages from job filters are prefixed with "[Job NNN]" where "NNN" is the job ID.
<h3><a name="PAGE_LOG_FILE_FORMAT">Page Log File Format</a></h3>
-The <i>page_log</i> file lists each page or group of pages that are sent to a printer.
+The <i>page_log</i> file lists the total number of pages (sheets) that are printed.
By default, each line contains the following information:
<pre class="man">
- <i>printer user job-id date-time page-number num-copies job-billing
- job-originating-host-name job-name media sides</i>
-
- <i>printer user job-id date-time </i><b>total </b><i>num-impressions job-billing
+ <i>printer user job-id date-time </i><b>total </b><i>num-sheets job-billing
job-originating-host-name job-name media sides</i>
</pre>
-For example the entries for a two page job called "myjob" might look like:
+For example the entry for a two page job called "myjob" might look like:
<pre class="man">
- DeskJet root 1 [20/May/1999:19:21:05 +0000] 1 1 acme-123
- localhost myjob na_letter_8.5x11in one-sided
- DeskJet root 1 [20/May/1999:19:21:05 +0000] 2 1 acme-123
- localhost myjob na_letter_8.5x11in one-sided
-
DeskJet root 1 [20/May/1999:19:21:06 +0000] total 2 acme-123
localhost myjob na_letter_8.5x11in one-sided
<p>The <i>job-id</i> field contains the job number of the page being printed.
<p>The <i>date-time</i> field contains the date and time of when the page started printing.
The format of this field is identical to the data-time field in the <i>access_log</i> file.
-<p>The <i>page-number</i> and <i>num-copies</i> fields contain the page number and number of copies being printed of that page.
-For printers that cannot produce copies on their own, the num-copies field will always be 1.
-<p>Lines containing the keyword "total" have a <i>num-impressions</i> field instead which provides the total number of impressions (sides) that have been printed on for the job.
+<p>The <i>num-sheets</i> field provides the total number of pages (sheets) that have been printed on for the job.
<p>The <i>job-billing</i> field contains a copy of the job-billing or job-account-id attributes provided with the IPP Create-Job or Print-Job requests or "-" if neither was provided.
<p>The <i>job-originating-host-name</i> field contains the hostname or IP address of the client that printed the job.
<p>The <i>job-name</i> field contains a copy of the job-name attribute provided with the IPP Create-Job or Print-Job requests or "-" if none was provided.
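Review bot: The unchanged job-id and date-time descriptions above the new num-sheets paragraph still talk about per-page entries ("the job number of the page being printed", "when the page started printing"), although this change drops the page-number and num-copies fields and the example now shows a single "total" line per job. Reword those two descriptions for a per-job record. The added sentence also writes "pages (sheets)", which is not the same quantity for two-sided jobs; use "sheets" alone so accounting consumers know what the number counts.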
<dd style="margin-left: 5.0em"><br>
Specifies whether to purge job history data automatically when it is no longer required for quotas.
The default is "No".
+<dt><a name="BrowseDNSSDSubTypes"></a><b>BrowseDNSSDSubTypes</b><i>_subtype[,...]</i>
+<dd style="margin-left: 5.0em">Specifies a list of Bonjour sub-types to advertise for each shared printer.
+For example, "BrowseDNSSDSubTypes _cups,_print" will tell network clients that both CUPS sharing and IPP Everywhere are supported.
+The default is "_cups" which is necessary for printer sharing to work between systems using CUPS.
<dt><a name="BrowseLocalProtocols"></a><b>BrowseLocalProtocols all</b>
<dd style="margin-left: 5.0em"><dt><b>BrowseLocalProtocols dnssd</b>
<dd style="margin-left: 5.0em"><dt><b>BrowseLocalProtocols none</b>
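Review bot: The added term line has no separator between the directive name and its argument (`<b>BrowseDNSSDSubTypes</b><i>_subtype[,...]</i>`), so it renders as one run-together word; other entries keep a trailing space inside the bold element, as in `<b>SSLPort </b><i>port</i>`. The text should also say whether "_cups" must stay in the list when other sub-types are added, given the statement that it is necessary for sharing between CUPS systems.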
<dd style="margin-left: 5.0em">Specifies the delay for updating of configuration and state files.
A value of 0 causes the update to happen as soon as possible, typically within a few milliseconds.
The default value is "30".
+<dt><a name="DNSSDHostName"></a><b>DNSSDHostName</b><i>hostname.example.com</i>
+<dd style="margin-left: 5.0em">Specifies the fully-qualified domain name for the server that is used for Bonjour sharing.
+The default is typically the server's ".local" hostname.
<dt><a name="ErrorPolicy"></a><b>ErrorPolicy abort-job</b>
<dd style="margin-left: 5.0em">Specifies that a failed print job should be aborted (discarded) unless otherwise specified for the printer.
<dt><b>ErrorPolicy retry-job</b>
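Review bot: The DNSSDHostName term line is missing the space between the name and the argument (`<b>DNSSDHostName</b><i>hostname.example.com</i>`). "The default is typically the server's ".local" hostname" leaves open when it is something else; name the condition or drop "typically".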
<dd style="margin-left: 5.0em"><dt><b>SSLListen [</b><i>ipv6-address</i><b>]:</b><i>port</i>
<dd style="margin-left: 5.0em"><dt><b>SSLListen *:</b><i>port</i>
<dd style="margin-left: 5.0em">Listens on the specified address and port for encrypted connections.
-<dt><a name="SSLOptions"></a><b>SSLOptions </b>[<i>AllowDH</i>] [<i>AllowRC4</i>] [<i>AllowSSL3</i>] [<i>DenyCBC</i>] [<i>DenyTLS1.0</i>]
+<dt><a name="SSLOptions"></a><dt><b>SSLOptions </b>[<i>AllowDH</i>] [<i>AllowRC4</i>] [<i>AllowSSL3</i>] [<i>DenyCBC</i>] [<i>DenyTLS1.0</i>] [<i>MaxTLS1.0</i>] [<i>MaxTLS1.1</i>] [<i>MaxTLS1.2</i>] [<i>MaxTLS1.3</i>] [<i>MinTLS1.0</i>] [<i>MinTLS1.1</i>] [<i>MinTLS1.2</i>] [<i>MinTLS1.3</i>]
<dd style="margin-left: 5.0em"><dt><b>SSLOptions None</b>
-<dd style="margin-left: 5.0em">Sets encryption options.
+<dd style="margin-left: 5.0em">Sets encryption options (only in /etc/cups/client.conf).
By default, CUPS only supports encryption using TLS v1.0 or higher using known secure cipher suites.
-The <i>AllowDH</i> option enables cipher suites using plain Diffie-Hellman key negotiation.
-The <i>AllowRC4</i> option enables the 128-bit RC4 cipher suites, which are required for some older clients that do not implement newer ones.
+Security is reduced when <i>Allow</i> options are used.
+Security is enhanced when <i>Deny</i> options are used.
+The <i>AllowDH</i> option enables cipher suites using plain Diffie-Hellman key negotiation (not supported on systems using GNU TLS).
+The <i>AllowRC4</i> option enables the 128-bit RC4 cipher suites, which are required for some older clients.
The <i>AllowSSL3</i> option enables SSL v3.0, which is required for some older clients that do not support TLS v1.0.
The <i>DenyCBC</i> option disables all CBC cipher suites.
The <i>DenyTLS1.0</i> option disables TLS v1.0 support - this sets the minimum protocol version to TLS v1.1.
+The <i>MinTLS</i> options set the minimum TLS version to support.
+The <i>MaxTLS</i> options set the maximum TLS version to support.
+Not all operating systems support TLS 1.3 at this time.
<dt><a name="SSLPort"></a><b>SSLPort </b><i>port</i>
<dd style="margin-left: 5.0em">Listens on the specified port for encrypted connections.
<dt><a name="StrictConformance"></a><b>StrictConformance Yes</b>
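Review bot: The added description "Sets encryption options (only in /etc/cups/client.conf)" appears between the SSLListen and SSLPort listener directives, so the parenthetical reads as copied from the client.conf page and tells server administrators the directive does not apply here. Name the file this page documents or restore the removed wording "Sets encryption options." The added term line also opens a second `<dt>` immediately after the anchor (`<dt><a name="SSLOptions"></a><dt><b>SSLOptions`), where the removed line had a single one.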
</pre>
The default is the empty string, which disables page logging.
The string "%p %u %j %T %P %C %{job-billing} %{job-originating-host-name} %{job-name} %{media} %{sides}" creates a page log with the standard items.
+Use "%{job-impressions-completed}" to insert the number of pages (sides) that were printed, or "%{job-media-sheets-completed}" to insert the number of sheets that were printed.
<dt><a name="RIPCache"></a><b>RIPCache </b><i>size</i>
<dd style="margin-left: 5.0em">Specifies the maximum amount of memory to use when converting documents into bitmaps for a printer.
The default is "128m".
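Review bot: The added sentence introduces %{job-impressions-completed} and %{job-media-sheets-completed}, but the "standard items" string on the unchanged line above still uses %P and %C and contains no "total" keyword, so it no longer matches the "total num-sheets" layout this commit documents for page_log. Update that example string or state which format string produces the documented default line. Prefer "impressions (sides)" over "pages (sides)" so the term stays distinct from sheets.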
[
<b>--help</b>
] [
+<b>--ippserver</b>
+<i>filename</i>
+] [
<b>--stop-after-include-error</b>
] [
<b>--version</b>
<dl class="man">
<dt><b>--help</b>
<dd style="margin-left: 5.0em">Shows program help.
+<dt><b>--ippserver </b><i>filename</i>
+<dd style="margin-left: 5.0em">Specifies that the test results should be written to the named
+<b>ippserver</b>
+attributes file.
<dt><b>--stop-after-include-error</b>
<dd style="margin-left: 5.0em">Tells
<b>ipptool</b>
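Review bot: The new --ippserver entry says results are "written to the named ippserver attributes file" but not whether an existing file is overwritten, appended to, or rejected. Since the option takes an arbitrary filename, document that behaviour and what happens when the file cannot be created.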
<dt><b>-c </b><i>class</i>
<dd style="margin-left: 5.0em">Adds the named <i>printer</i> to <i>class</i>.
If <i>class</i> does not exist it is created automatically.
-<dt><b>-i </b><i>ppd-file</i>
-<dd style="margin-left: 5.0em"><dt><b>-P </b><i>ppd-file</i>
+<dt><b>-P </b><i>ppd-file</i>
<dd style="margin-left: 5.0em">Specifies a PostScript Printer Description (PPD) file to use with the printer.
<dt><b>-m </b><i>model</i>
<dd style="margin-left: 5.0em">Sets a standard PPD file for the printer from the <i>model</i> directory or using one of the driver interfaces.
<dt><b>-L "</b><i>location</i><b>"</b>
<dd style="margin-left: 5.0em">Provides a textual location of the destination.
</dl>
+<h2 class="title"><a name="DEPRECATED_OPTIONS">Deprecated Options</a></h2>
+The following <b>lpadmin</b> options are deprecated:
+<dl class="man">
+<dt><b>-i </b><i>filename</i>
+<dd style="margin-left: 5.0em">This option historically has been used to provide either a System V interface script or (as an implementation side-effect) a PPD file.
+Since interface scripts are no longer supported, the <i>-P</i> option is preferred for providing a PPD file for a printer.
+</dl>
<h2 class="title"><a name="CONFORMING_TO">Conforming To</a></h2>
Unlike the System V printing system, CUPS allows printer names to contain any printable character except SPACE, TAB, "/", or "#".
Also, printer and class names are <i>not</i> case-sensitive.
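Review bot: The new "Deprecated Options" entry for -i explains the history but not the current behaviour: it does not say what lpadmin does when -i is given an interface script now that such scripts are "no longer supported" (error, ignore, or treat as a PPD). State the outcome explicitly so that scripts still passing -i fail in a predictable way, and consider cross-referencing the Notes sentence that gives security as the reason.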
This differs from the System V version which requires the root user to execute this command.
<h2 class="title"><a name="NOTES">Notes</a></h2>
The CUPS version of <b>lpadmin</b> does not support all of the System V or Solaris printing system configuration options.
+Interface scripts are not supported for security reasons.
<h2 class="title"><a name="EXAMPLE">Example</a></h2>
Create an IPP Everywhere print queue:
<pre class="man">
The \fIAllowSSL3\fR option enables SSL v3.0, which is required for some older clients that do not support TLS v1.0.
The \fIDenyCBC\fR option disables all CBC cipher suites.
The \fIDenyTLS1.0\fR option disables TLS v1.0 support - this sets the minimum protocol version to TLS v1.1.
-The \fMinTLS\fR options set the minimum TLS version to support.
-The \fMaxTLS\fR options set the maximum TLS version to support.
+The \fIMinTLS\fR options set the minimum TLS version to support.
+The \fIMaxTLS\fR options set the maximum TLS version to support.
Not all operating systems support TLS 1.3 at this time.
.TP 5
\fBTrustOnFirstUse Yes\fR
The \fIAllowSSL3\fR option enables SSL v3.0, which is required for some older clients that do not support TLS v1.0.
The \fIDenyCBC\fR option disables all CBC cipher suites.
The \fIDenyTLS1.0\fR option disables TLS v1.0 support - this sets the minimum protocol version to TLS v1.1.
-The \fMinTLS\fR options set the minimum TLS version to support.
-The \fMaxTLS\fR options set the maximum TLS version to support.
+The \fIMinTLS\fR options set the minimum TLS version to support.
+The \fIMaxTLS\fR options set the maximum TLS version to support.
Not all operating systems support TLS 1.3 at this time.
.\"#SSLPort
.TP 5
[
.B \-\-help
] [
-.BI \-\-ippserver filename
+.B \-\-ippserver
+.I filename
] [
.B \-\-stop\-after\-include\-error
] [
.B \-\-help
Shows program help.
.TP 5
--BI \-\-ippserver filename
+\fB\-\-ippserver \fIfilename\fR
Specifies that the test results should be written to the named
.B ippserver
attributes file.