Diffstat (limited to 'scheduler/conf.c')
-rw-r--r-- | scheduler/conf.c | 36 |
1 files changed, 27 insertions, 9 deletions
diff --git a/scheduler/conf.c b/scheduler/conf.c
index bc52d2a..8c2694f 100644
--- a/scheduler/conf.c
+++ b/scheduler/conf.c
@@ -617,7 +617,7 @@ cupsdReadConfiguration(void)
 cupsdSetString(&ServerKeychain, "/Library/Keychains/System.keychain");
 # endif /* HAVE_GNUTLS */
- _httpTLSSetOptions(0);
+ _httpTLSSetOptions(_HTTP_TLS_NONE, _HTTP_TLS_1_0, _HTTP_TLS_MAX);
 #endif /* HAVE_SSL */
 language = cupsLangDefault();
@@ -2999,7 +2999,9 @@ read_cupsd_conf(cups_file_t *fp) /* I - File to read from */
 * SSLOptions [AllowRC4] [AllowSSL3] [AllowDH] [DenyCBC] [DenyTLS1.0] [None]
 */
- int options = 0; /* SSL/TLS options */
+ int options = _HTTP_TLS_NONE,/* SSL/TLS options */
+ min_version = _HTTP_TLS_1_0,
+ max_version = _HTTP_TLS_MAX;
 if (value)
 {
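Review bot: The keyword summary kept as context above the new declarations still reads `SSLOptions [AllowRC4] [AllowSSL3] [AllowDH] [DenyCBC] [DenyTLS1.0] [None]`, so the `MinTLS1.x` and `MaxTLS1.x` keywords this commit adds further down in read_cupsd_conf are not documented where a maintainer looks first; I would extend it to `* SSLOptions [AllowRC4] [AllowSSL3] [AllowDH] [DenyCBC] [DenyTLS1.0] [MaxTLS1.x] [MinTLS1.x] [None]`. The defaults `_HTTP_TLS_NONE, _HTTP_TLS_1_0, _HTTP_TLS_MAX` are also written out twice, here and in the `_httpTLSSetOptions()` call in the cupsdReadConfiguration hunk above, so a later change to one copy would make an `SSLOptions` line with no version keyword negotiate a different protocol floor than a configuration with no `SSLOptions` line at all. Giving `min_version` and `max_version` their own trailing comments, for example `/* Minimum SSL/TLS version */` and `/* Maximum SSL/TLS version */`, would match the existing `/* SSL/TLS options */` on `options`. read_cupsd_conf starts and ends outside this hunk.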
@@ -3023,24 +3025,40 @@ read_cupsd_conf(cups_file_t *fp) /* I - File to read from */
 * Compare...
 */
- if (!_cups_strcasecmp(start, "AllowRC4"))
+ if (!_cups_strcasecmp(start, "AllowRC4"))
 options |= _HTTP_TLS_ALLOW_RC4;
- else if (!_cups_strcasecmp(start, "AllowSSL3"))
- options |= _HTTP_TLS_ALLOW_SSL3;
+ else if (!_cups_strcasecmp(start, "AllowSSL3"))
+ min_version = _HTTP_TLS_SSL3;
 else if (!_cups_strcasecmp(start, "AllowDH"))
 options |= _HTTP_TLS_ALLOW_DH;
 else if (!_cups_strcasecmp(start, "DenyCBC"))
 options |= _HTTP_TLS_DENY_CBC;
 else if (!_cups_strcasecmp(start, "DenyTLS1.0"))
- options |= _HTTP_TLS_DENY_TLS10;
- else if (!_cups_strcasecmp(start, "None"))
- options = 0;
+ min_version = _HTTP_TLS_1_1;
+ else if (!_cups_strcasecmp(start, "MaxTLS1.0"))
+ max_version = _HTTP_TLS_1_0;
+ else if (!_cups_strcasecmp(start, "MaxTLS1.1"))
+ max_version = _HTTP_TLS_1_1;
+ else if (!_cups_strcasecmp(start, "MaxTLS1.2"))
+ max_version = _HTTP_TLS_1_2;
+ else if (!_cups_strcasecmp(start, "MaxTLS1.3"))
+ max_version = _HTTP_TLS_1_3;
+ else if (!_cups_strcasecmp(start, "MinTLS1.0"))
+ min_version = _HTTP_TLS_1_0;
+ else if (!_cups_strcasecmp(start, "MinTLS1.1"))
+ min_version = _HTTP_TLS_1_1;
+ else if (!_cups_strcasecmp(start, "MinTLS1.2"))
+ min_version = _HTTP_TLS_1_2;
+ else if (!_cups_strcasecmp(start, "MinTLS1.3"))
+ min_version = _HTTP_TLS_1_3;
+ else if (!_cups_strcasecmp(start, "None"))
+ options = _HTTP_TLS_NONE;
 else if (_cups_strcasecmp(start, "NoEmptyFragments"))
 cupsdLogMessage(CUPSD_LOG_WARN, "Unknown SSL option %s at line %d.", start, linenum);
 }
 }
- _httpTLSSetOptions(options);
+ _httpTLSSetOptions(options, min_version, max_version);
 }
 #endif /* HAVE_SSL */
 else if ((!_cups_strcasecmp(line, "Port") || !_cups_strcasecmp(line, "Listen") |
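Review bot: Nothing between the keyword loop and the new `_httpTLSSetOptions(options, min_version, max_version);` call checks that `min_version` does not exceed `max_version`, so a line such as `SSLOptions MinTLS1.3 MaxTLS1.0` is handed to the TLS layer as written and the outcome depends on code this diff does not show. Because `AllowSSL3` and `DenyTLS1.0` now assign `min_version` instead of setting independent bits, the last keyword on the line wins (`MinTLS1.2 AllowSSL3` ends with an SSL 3.0 floor), and `None` now resets only `options`, where the old `options = 0` also cleared the SSL3 and TLS1.0 bits. I would reset all three values on `None` and warn and fall back to the defaults on an inverted range, as in the excerpt below; this assumes the `_HTTP_TLS_*` version constants are numerically ordered, which is not visible here. read_cupsd_conf starts and ends outside this hunk.

```c
/* … unchanged: AllowRC4 … MinTLS1.3 keyword branches … */
else if (!_cups_strcasecmp(start, "None"))
{
  options     = _HTTP_TLS_NONE;
  min_version = _HTTP_TLS_1_0;
  max_version = _HTTP_TLS_MAX;
}
/* … unchanged: NoEmptyFragments warning, end of keyword loop … */

if (min_version > max_version)
{
  cupsdLogMessage(CUPSD_LOG_WARN, "SSLOptions minimum version is above the maximum at line %d, using defaults.", linenum);
  min_version = _HTTP_TLS_1_0;
  max_version = _HTTP_TLS_MAX;
}

_httpTLSSetOptions(options, min_version, max_version);
```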