doc/help/man-client.conf.html - platform/external/libcups - Git at Google

 <!DOCTYPE HTML>
 <html>
 <!-- SECTION: Man Pages -->
 <head>
 	<link rel="stylesheet" type="text/css" href="../cups-printable.css">
 	<title>client.conf(5)</title>
 </head>
 <body>
 <h1 class="title">client.conf(5)</h1>
 <h2 class="title"><a name="NAME">Name</a></h2>
 client.conf - client configuration file for cups
 <h2 class="title"><a name="DESCRIPTION">Description</a></h2>
 The <b>client.conf</b> file configures the CUPS client and is normally located in the <i>/etc/cups</i> and/or <i>~/.cups</i> directories.
 Each line in the file can be a configuration directive, a blank line, or a comment. Comment lines start with the # character.
 <p><b>Note:</b> Starting with macOS 10.7, this file is only used by command-line and X11 applications plus the IPP backend.
 The <b>ServerName</b> directive is not supported on macOS at all.
 Starting with macOS 10.12, all applications can access these settings in the <i>/Library/Preferences/org.cups.PrintingPrefs.plist</i> file instead.
 See the NOTES section below for more information.
 <h3><a name="DIRECTIVES">Directives</a></h3>
 The following directives are understood by the client. Consult the online help for detailed descriptions:
 <dl class="man">
 <dt><b>AllowAnyRoot Yes</b>
 <dd style="margin-left: 5.0em"><dt><b>AllowAnyRoot No</b>
 <dd style="margin-left: 5.0em">Specifies whether to allow TLS with certificates that have not been signed by a trusted Certificate Authority.
 The default is "Yes".
 <dt><b>AllowExpiredCerts Yes</b>
 <dd style="margin-left: 5.0em"><dt><b>AllowExpiredCerts No</b>
 <dd style="margin-left: 5.0em">Specifies whether to allow TLS with expired certificates.
 The default is "No".
 <dt><b>Encryption IfRequested</b>
 <dd style="margin-left: 5.0em"><dt><b>Encryption Never</b>
 <dd style="margin-left: 5.0em"><dt><b>Encryption Required</b>
 <dd style="margin-left: 5.0em">Specifies the level of encryption that should be used.
 <dt><b>GSSServiceName </b><i>name</i>
 <dd style="margin-left: 5.0em">Specifies the Kerberos service name that is used for authentication, typically "host", "http", or "ipp".
 CUPS adds the remote hostname ("name@server.example.com") for you. The default name is "http".
 <dt><b>ServerName </b><i>hostname-or-ip-address</i>[<i>:port</i>]
 <dd style="margin-left: 5.0em"><dt><b>ServerName </b><i>/domain/socket</i>
 <dd style="margin-left: 5.0em">Specifies the address and optionally the port to use when connecting to the server.
 <b>Note: This directive is not supported on macOS 10.7 or later.</b>
 <dt><b>ServerName </b><i>hostname-or-ip-address</i>[<i>:port</i>]<b>/version=1.1</b>
 <dd style="margin-left: 5.0em">Specifies the address and optionally the port to use when connecting to a server running CUPS 1.3.12 and earlier.
 <dt><b>SSLOptions </b>[<i>AllowDH</i>] [<i>AllowRC4</i>] [<i>AllowSSL3</i>] [<i>DenyTLS1.0</i>]
 <dd style="margin-left: 5.0em"><dt><b>SSLOptions None</b>
 <dd style="margin-left: 5.0em">Sets encryption options (only in /etc/cups/client.conf).
 By default, CUPS only supports encryption using TLS v1.0 or higher using known secure cipher suites.
 The <i>AllowDH</i> option enables cipher suites using plain Diffie-Hellman key negotiation.
 The <i>AllowRC4</i> option enables the 128-bit RC4 cipher suites, which are required for some older clients that do not implement newer ones.
 The <i>AllowSSL3</i> option enables SSL v3.0, which is required for some older clients that do not support TLS v1.0.
 The <i>DenyTLS1.0</i> option disables TLS v1.0 support - this sets the minimum protocol version to TLS v1.1.
 <dt><b>TrustOnFirstUse Yes</b>
 <dd style="margin-left: 5.0em"><dt><b>TrustOnFirstUse No</b>
 <dd style="margin-left: 5.0em">Specifies whether to trust new TLS certificates by default.
 The default is "Yes".
 <dt><b>User </b><i>name</i>
 <dd style="margin-left: 5.0em">Specifies the default user name to use for requests.
 <dt><b>ValidateCerts Yes</b>
 <dd style="margin-left: 5.0em"><dt><b>ValidateCerts No</b>
 <dd style="margin-left: 5.0em">Specifies whether to only allow TLS with certificates whose common name matches the hostname.
 The default is "No".
 </dl>
 <h2 class="title"><a name="NOTES">Notes</a></h2>
 The <b>client.conf</b> file is deprecated on macOS and will no longer be supported in a future version of CUPS.
 Configuration settings can instead be viewed or changed using the
 <b>defaults</b>(1)
 command:
 <pre class="man">
 defaults write /Library/Preferences/org.cups.PrintingPrefs.plist Encryption Required
 defaults write /Library/Preferences/org.cups.PrintingPrefs.plist TrustOnFirstUse -bool NO

 defaults read /Library/Preferences/org.cups.PrintingPrefs.plist Encryption
 </pre>
 On Linux and other systems using GNU TLS, the <i>/etc/cups/ssl/site.crl</i> file, if present, provides a list of revoked X.509 certificates and is used when validating certificates.
 <h2 class="title"><a name="SEE_ALSO">See Also</a></h2>
 <a href="man-cups.html?TOPIC=Man+Pages"><b>cups</b>(1),</a>
 <b>default</b>(1),
 CUPS Online Help (<a href="http://localhost:631/help">http://localhost:631/help</a>)
 <h2 class="title"><a name="COPYRIGHT">Copyright</a></h2>
 Copyright &copy; 2007-2017 by Apple Inc.

 </body>
 </html>
	<!DOCTYPE HTML>
	<html>
	<!-- SECTION: Man Pages -->
	<head>
	<link rel="stylesheet" type="text/css" href="../cups-printable.css">
	<title>client.conf(5)</title>
	</head>
	<body>
	<h1 class="title">client.conf(5)</h1>
	<h2 class="title"><a name="NAME">Name</a></h2>
	client.conf - client configuration file for cups
	<h2 class="title"><a name="DESCRIPTION">Description</a></h2>
	The <b>client.conf</b> file configures the CUPS client and is normally located in the <i>/etc/cups</i> and/or <i>~/.cups</i> directories.
	Each line in the file can be a configuration directive, a blank line, or a comment. Comment lines start with the # character.
	<p><b>Note:</b> Starting with macOS 10.7, this file is only used by command-line and X11 applications plus the IPP backend.
	The <b>ServerName</b> directive is not supported on macOS at all.
	Starting with macOS 10.12, all applications can access these settings in the <i>/Library/Preferences/org.cups.PrintingPrefs.plist</i> file instead.
	See the NOTES section below for more information.
	<h3><a name="DIRECTIVES">Directives</a></h3>
	The following directives are understood by the client. Consult the online help for detailed descriptions:
	<dl class="man">
	<dt><b>AllowAnyRoot Yes</b>
	<dd style="margin-left: 5.0em"><dt><b>AllowAnyRoot No</b>
	<dd style="margin-left: 5.0em">Specifies whether to allow TLS with certificates that have not been signed by a trusted Certificate Authority.
	The default is "Yes".
	<dt><b>AllowExpiredCerts Yes</b>
	<dd style="margin-left: 5.0em"><dt><b>AllowExpiredCerts No</b>
	<dd style="margin-left: 5.0em">Specifies whether to allow TLS with expired certificates.
	The default is "No".
	<dt><b>Encryption IfRequested</b>
	<dd style="margin-left: 5.0em"><dt><b>Encryption Never</b>
	<dd style="margin-left: 5.0em"><dt><b>Encryption Required</b>
	<dd style="margin-left: 5.0em">Specifies the level of encryption that should be used.
	<dt><b>GSSServiceName </b><i>name</i>
	<dd style="margin-left: 5.0em">Specifies the Kerberos service name that is used for authentication, typically "host", "http", or "ipp".
	CUPS adds the remote hostname ("name@server.example.com") for you. The default name is "http".
	<dt><b>ServerName </b><i>hostname-or-ip-address</i>[<i>:port</i>]
	<dd style="margin-left: 5.0em"><dt><b>ServerName </b><i>/domain/socket</i>
	<dd style="margin-left: 5.0em">Specifies the address and optionally the port to use when connecting to the server.
	<b>Note: This directive is not supported on macOS 10.7 or later.</b>
	<dt><b>ServerName </b><i>hostname-or-ip-address</i>[<i>:port</i>]<b>/version=1.1</b>
	<dd style="margin-left: 5.0em">Specifies the address and optionally the port to use when connecting to a server running CUPS 1.3.12 and earlier.
	<dt><b>SSLOptions </b>[<i>AllowDH</i>] [<i>AllowRC4</i>] [<i>AllowSSL3</i>] [<i>DenyTLS1.0</i>]
	<dd style="margin-left: 5.0em"><dt><b>SSLOptions None</b>
	<dd style="margin-left: 5.0em">Sets encryption options (only in /etc/cups/client.conf).
	By default, CUPS only supports encryption using TLS v1.0 or higher using known secure cipher suites.
	The <i>AllowDH</i> option enables cipher suites using plain Diffie-Hellman key negotiation.
	The <i>AllowRC4</i> option enables the 128-bit RC4 cipher suites, which are required for some older clients that do not implement newer ones.
	The <i>AllowSSL3</i> option enables SSL v3.0, which is required for some older clients that do not support TLS v1.0.
	The <i>DenyTLS1.0</i> option disables TLS v1.0 support - this sets the minimum protocol version to TLS v1.1.
	<dt><b>TrustOnFirstUse Yes</b>
	<dd style="margin-left: 5.0em"><dt><b>TrustOnFirstUse No</b>
	<dd style="margin-left: 5.0em">Specifies whether to trust new TLS certificates by default.
	The default is "Yes".
	<dt><b>User </b><i>name</i>
	<dd style="margin-left: 5.0em">Specifies the default user name to use for requests.
	<dt><b>ValidateCerts Yes</b>
	<dd style="margin-left: 5.0em"><dt><b>ValidateCerts No</b>
	<dd style="margin-left: 5.0em">Specifies whether to only allow TLS with certificates whose common name matches the hostname.
	The default is "No".
	</dl>
	<h2 class="title"><a name="NOTES">Notes</a></h2>
	The <b>client.conf</b> file is deprecated on macOS and will no longer be supported in a future version of CUPS.
	Configuration settings can instead be viewed or changed using the
	<b>defaults</b>(1)
	command:
	<pre class="man">
	defaults write /Library/Preferences/org.cups.PrintingPrefs.plist Encryption Required
	defaults write /Library/Preferences/org.cups.PrintingPrefs.plist TrustOnFirstUse -bool NO

	defaults read /Library/Preferences/org.cups.PrintingPrefs.plist Encryption
	</pre>
	On Linux and other systems using GNU TLS, the <i>/etc/cups/ssl/site.crl</i> file, if present, provides a list of revoked X.509 certificates and is used when validating certificates.
	<h2 class="title"><a name="SEE_ALSO">See Also</a></h2>
	<a href="man-cups.html?TOPIC=Man+Pages"><b>cups</b>(1),</a>
	<b>default</b>(1),
	CUPS Online Help (<a href="http://localhost:631/help">http://localhost:631/help</a>)
	<h2 class="title"><a name="COPYRIGHT">Copyright</a></h2>
	Copyright © 2007-2017 by Apple Inc.

	</body>
	</html>