services: cups: Complete SSL-OPTIONS.
…except for ‘AllowDH’, which makes no sense on GNU TLS systems.

* gnu/services/cups.scm (ssl-options?): Validate ‘DenyCBC’ and ‘DenyTLS1.0’.
* doc/guix.texi (Printing Services): Document them both.

master
parent
32e18e9b94
commit
f9c1ebdb7d
|
@ -49,7 +49,7 @@ Copyright @copyright{} 2017 Christopher Allan Webber@*
|
|||
Copyright @copyright{} 2017, 2018 Marius Bakke@*
|
||||
Copyright @copyright{} 2017 Hartmut Goebel@*
|
||||
Copyright @copyright{} 2017 Maxim Cournoyer@*
|
||||
Copyright @copyright{} 2017, 2018 Tobias Geerinckx-Rice@*
|
||||
Copyright @copyright{} 2017, 2018, 2019 Tobias Geerinckx-Rice@*
|
||||
Copyright @copyright{} 2017 George Clemmer@*
|
||||
Copyright @copyright{} 2017 Andy Wingo@*
|
||||
Copyright @copyright{} 2017, 2018, 2019 Arun Isaac@*
|
||||
|
@ -14757,11 +14757,14 @@ Defaults to @samp{()}.
|
|||
|
||||
@deftypevr {@code{cups-configuration} parameter} ssl-options ssl-options
|
||||
Sets encryption options. By default, CUPS only supports encryption
|
||||
using TLS v1.0 or higher using known secure cipher suites. The
|
||||
@code{AllowRC4} option enables the 128-bit RC4 cipher suites, which are
|
||||
required for some older clients that do not implement newer ones. The
|
||||
@code{AllowSSL3} option enables SSL v3.0, which is required for some
|
||||
older clients that do not support TLS v1.0.
|
||||
using TLS v1.0 or higher using known secure cipher suites. Security is
|
||||
reduced when @code{Allow} options are used, and enhanced when @code{Deny}
|
||||
options are used. The @code{AllowRC4} option enables the 128-bit RC4 cipher
|
||||
suites, which are required for some older clients. The @code{AllowSSL3} option
|
||||
enables SSL v3.0, which is required for some older clients that do not support
|
||||
TLS v1.0. The @code{DenyCBC} option disables all CBC cipher suites. The
|
||||
@code{DenyTLS1.0} option disables TLS v1.0 support - this sets the minimum
|
||||
protocol version to TLS v1.1.
|
||||
|
||||
Defaults to @samp{()}.
|
||||
@end deftypevr
|
||||
|
|
|
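Review bot: The new ssl-options paragraph describes AllowRC4, AllowSSL3, DenyCBC and DenyTLS1.0 but never mentions that AllowDH is not accepted, although the commit message says it is left out on purpose. A user carrying options over from an existing CUPS setup will get a validation failure with nothing in the manual to explain it; one sentence after the DenyTLS1.0 description saying that @code{AllowDH} is unsupported, and why, would cover that. As a smaller style point, "disables TLS v1.0 support - this sets the minimum" would read better with a semicolon than with a spaced hyphen.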
@ -3,6 +3,7 @@
|
|||
;;; Copyright © 2017 Clément Lassieur <clement@lassieur.org>
|
||||
;;; Copyright © 2018 Ricardo Wurmus <rekado@elephly.net>
|
||||
;;; Copyright © 2019 Alex Griffin <a@ajgrf.com>
|
||||
;;; Copyright © 2019 Tobias Geerinckx-Rice <me@tobias.gr>
|
||||
;;;
|
||||
;;; This file is part of GNU Guix.
|
||||
;;;
|
||||
|
@ -170,7 +171,10 @@
|
|||
|
||||
(define (ssl-options? x)
|
||||
(and (list? x)
|
||||
(and-map (lambda (elt) (memq elt '(AllowRC4 AllowSSL3))) x)))
|
||||
(and-map (lambda (elt) (memq elt '(AllowRC4
|
||||
AllowSSL3
|
||||
DenyCBC
|
||||
DenyTLS1.0))) x)))
|
||||
(define (serialize-ssl-options field-name val)
|
||||
(serialize-field field-name
|
||||
(match val
|
||||
|
|
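Review bot: The widened memq list in ssl-options? checks each element independently, so a value such as '(AllowSSL3 DenyTLS1.0), which asks for SSL v3.0 and a TLS v1.1 minimum at the same time, passes validation. Either reject that combination in the predicate or state in the documentation which option takes effect. A short comment next to the list noting that AllowDH is omitted deliberately would also keep a later change from adding it back.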