diff options
| author | Michael R Sweet <michael.r.sweet@gmail.com> | 2019-10-15 17:34:21 -0400 |
|---|---|---|
| committer | Michael R Sweet <michael.r.sweet@gmail.com> | 2019-10-15 17:34:21 -0400 |
| commit | ec8beb8952388a3ce650cc1477cd386546ed7318 (patch) | |
| tree | d0e46ac82a57ee6890f80ba74b7fd705abb8e4ad /doc | |
| parent | 4c793ee9ce18bf6315de14fea3ccb9d2a66c76b2 (diff) | |
| download | cups-ec8beb8952388a3ce650cc1477cd386546ed7318.tar.gz | |
Add support for DigestOptions directive in client.conf (Issue #5647)
Diffstat (limited to 'doc')
| -rw-r--r-- | doc/help/man-client.conf.html | 22 |
1 files changed, 13 insertions, 9 deletions
diff --git a/doc/help/man-client.conf.html b/doc/help/man-client.conf.html index 58b091fe0..032cd333d 100644 --- a/doc/help/man-client.conf.html +++ b/doc/help/man-client.conf.html @@ -19,28 +19,32 @@ See the NOTES section below for more information. <h3><a name="DIRECTIVES">Directives</a></h3> The following directives are understood by the client. Consult the online help for detailed descriptions: <dl class="man"> -<dt><b>AllowAnyRoot Yes</b> +<dt><a name="AllowAnyRoot"></a><b>AllowAnyRoot Yes</b> <dd style="margin-left: 5.0em"><dt><b>AllowAnyRoot No</b> <dd style="margin-left: 5.0em">Specifies whether to allow TLS with certificates that have not been signed by a trusted Certificate Authority. The default is "Yes". -<dt><b>AllowExpiredCerts Yes</b> +<dt><a name="AllowExpiredCerts"></a><b>AllowExpiredCerts Yes</b> <dd style="margin-left: 5.0em"><dt><b>AllowExpiredCerts No</b> <dd style="margin-left: 5.0em">Specifies whether to allow TLS with expired certificates. The default is "No". -<dt><b>Encryption IfRequested</b> +<dt><a name="DigestOptions"></a><b>DigestOptions DenyMD5</b> +<dd style="margin-left: 5.0em"><dt><b>DigestOptions None</b> +<dd style="margin-left: 5.0em">Specifies HTTP Digest authentication options. +<b>DenyMD5</b> disables support for the original MD5 hash algorithm. +<dt><a name="Encryption"></a><b>Encryption IfRequested</b> <dd style="margin-left: 5.0em"><dt><b>Encryption Never</b> <dd style="margin-left: 5.0em"><dt><b>Encryption Required</b> <dd style="margin-left: 5.0em">Specifies the level of encryption that should be used. -<dt><b>GSSServiceName </b><i>name</i> +<dt><a name="GSSServiceName"></a><b>GSSServiceName </b><i>name</i> <dd style="margin-left: 5.0em">Specifies the Kerberos service name that is used for authentication, typically "host", "http", or "ipp". CUPS adds the remote hostname ("name@server.example.com") for you. The default name is "http". -<dt><b>ServerName </b><i>hostname-or-ip-address</i>[<i>:port</i>] +<dt><a name="ServerName"></a><b>ServerName </b><i>hostname-or-ip-address</i>[<i>:port</i>] <dd style="margin-left: 5.0em"><dt><b>ServerName </b><i>/domain/socket</i> <dd style="margin-left: 5.0em">Specifies the address and optionally the port to use when connecting to the server. <b>Note: This directive is not supported on macOS 10.7 or later.</b> <dt><b>ServerName </b><i>hostname-or-ip-address</i>[<i>:port</i>]<b>/version=1.1</b> <dd style="margin-left: 5.0em">Specifies the address and optionally the port to use when connecting to a server running CUPS 1.3.12 and earlier. -<dt><b>SSLOptions </b>[<i>AllowDH</i>] [<i>AllowRC4</i>] [<i>AllowSSL3</i>] [<i>DenyCBC</i>] [<i>DenyTLS1.0</i>] [<i>MaxTLS1.0</i>] [<i>MaxTLS1.1</i>] [<i>MaxTLS1.2</i>] [<i>MaxTLS1.3</i>] [<i>MinTLS1.0</i>] [<i>MinTLS1.1</i>] [<i>MinTLS1.2</i>] [<i>MinTLS1.3</i>] +<dt><a name="SSLOptions"></a><b>SSLOptions </b>[<i>AllowDH</i>] [<i>AllowRC4</i>] [<i>AllowSSL3</i>] [<i>DenyCBC</i>] [<i>DenyTLS1.0</i>] [<i>MaxTLS1.0</i>] [<i>MaxTLS1.1</i>] [<i>MaxTLS1.2</i>] [<i>MaxTLS1.3</i>] [<i>MinTLS1.0</i>] [<i>MinTLS1.1</i>] [<i>MinTLS1.2</i>] [<i>MinTLS1.3</i>] <dd style="margin-left: 5.0em"><dt><b>SSLOptions None</b> <dd style="margin-left: 5.0em">Sets encryption options (only in /etc/cups/client.conf). By default, CUPS only supports encryption using TLS v1.0 or higher using known secure cipher suites. @@ -54,11 +58,11 @@ The <i>DenyTLS1.0</i> option disables TLS v1.0 support - this sets the minimum p The <i>MinTLS</i> options set the minimum TLS version to support. The <i>MaxTLS</i> options set the maximum TLS version to support. Not all operating systems support TLS 1.3 at this time. -<dt><b>TrustOnFirstUse Yes</b> +<dt><a name="TrustOnFirstUse"></a><b>TrustOnFirstUse Yes</b> <dd style="margin-left: 5.0em"><dt><b>TrustOnFirstUse No</b> <dd style="margin-left: 5.0em">Specifies whether to trust new TLS certificates by default. The default is "Yes". -<dt><b>User </b><i>name</i> +<dt><a name="User"></a><b>User </b><i>name</i> <dd style="margin-left: 5.0em">Specifies the default user name to use for requests. <dt><a name="UserAgentTokens"></a><b>UserAgentTokens None</b> <dd style="margin-left: 5.0em"><dt><b>UserAgentTokens ProductOnly</b> @@ -76,7 +80,7 @@ The default is "Yes". "OS" reports "CUPS/major.minor.path (osname osversion) IPP/2.1". "Full" reports "CUPS/major.minor.path (osname osversion; architecture) IPP/2.1". The default is "Minimal". -<dt><b>ValidateCerts Yes</b> +<dt><a name="ValidateCerts"></a><b>ValidateCerts Yes</b> <dd style="margin-left: 5.0em"><dt><b>ValidateCerts No</b> <dd style="margin-left: 5.0em">Specifies whether to only allow TLS with certificates whose common name matches the hostname. The default is "No". |