services: cups: Complete SSL-OPTIONS.
…except for ‘AllowDH’, which makes no sense on GNU TLS systems. * gnu/services/cups.scm (ssl-options?): Validate ‘DenyCBC’ and ‘DenyTLS1.0’. * doc/guix.texi (Printing Services): Document them both.
This commit is contained in:
Tobias Geerinckx-Rice
parent
32e18e9b94
commit
f9c1ebdb7d
|
|
@ -49,7 +49,7 @@ Copyright @copyright{} 2017 Christopher Allan Webber@*
|
||||||
Copyright @copyright{} 2017, 2018 Marius Bakke@*
|
Copyright @copyright{} 2017, 2018 Marius Bakke@*
|
||||||
Copyright @copyright{} 2017 Hartmut Goebel@*
|
Copyright @copyright{} 2017 Hartmut Goebel@*
|
||||||
Copyright @copyright{} 2017 Maxim Cournoyer@*
|
Copyright @copyright{} 2017 Maxim Cournoyer@*
|
||||||
Copyright @copyright{} 2017, 2018 Tobias Geerinckx-Rice@*
|
Copyright @copyright{} 2017, 2018, 2019 Tobias Geerinckx-Rice@*
|
||||||
Copyright @copyright{} 2017 George Clemmer@*
|
Copyright @copyright{} 2017 George Clemmer@*
|
||||||
Copyright @copyright{} 2017 Andy Wingo@*
|
Copyright @copyright{} 2017 Andy Wingo@*
|
||||||
Copyright @copyright{} 2017, 2018, 2019 Arun Isaac@*
|
Copyright @copyright{} 2017, 2018, 2019 Arun Isaac@*
|
||||||
|
|
@ -14757,11 +14757,14 @@ Defaults to @samp{()}.
|
||||||
|
|
||||||
@deftypevr {@code{cups-configuration} parameter} ssl-options ssl-options
|
@deftypevr {@code{cups-configuration} parameter} ssl-options ssl-options
|
||||||
Sets encryption options. By default, CUPS only supports encryption
|
Sets encryption options. By default, CUPS only supports encryption
|
||||||
using TLS v1.0 or higher using known secure cipher suites. The
|
using TLS v1.0 or higher using known secure cipher suites. Security is
|
||||||
@code{AllowRC4} option enables the 128-bit RC4 cipher suites, which are
|
reduced when @code{Allow} options are used, and enhanced when @code{Deny}
|
||||||
required for some older clients that do not implement newer ones. The
|
options are used. The @code{AllowRC4} option enables the 128-bit RC4 cipher
|
||||||
@code{AllowSSL3} option enables SSL v3.0, which is required for some
|
suites, which are required for some older clients. The @code{AllowSSL3} option
|
||||||
older clients that do not support TLS v1.0.
|
enables SSL v3.0, which is required for some older clients that do not support
|
||||||
|
TLS v1.0. The @code{DenyCBC} option disables all CBC cipher suites. The
|
||||||
|
@code{DenyTLS1.0} option disables TLS v1.0 support - this sets the minimum
|
||||||
|
protocol version to TLS v1.1.
|
||||||
|
|
||||||
Defaults to @samp{()}.
|
Defaults to @samp{()}.
|
||||||
@end deftypevr
|
@end deftypevr
|
||||||
|
|
|
||||||
|
|
@ -3,6 +3,7 @@
|
||||||
;;; Copyright © 2017 Clément Lassieur <clement@lassieur.org>
|
;;; Copyright © 2017 Clément Lassieur <clement@lassieur.org>
|
||||||
;;; Copyright © 2018 Ricardo Wurmus <rekado@elephly.net>
|
;;; Copyright © 2018 Ricardo Wurmus <rekado@elephly.net>
|
||||||
;;; Copyright © 2019 Alex Griffin <a@ajgrf.com>
|
;;; Copyright © 2019 Alex Griffin <a@ajgrf.com>
|
||||||
|
;;; Copyright © 2019 Tobias Geerinckx-Rice <me@tobias.gr>
|
||||||
;;;
|
;;;
|
||||||
;;; This file is part of GNU Guix.
|
;;; This file is part of GNU Guix.
|
||||||
;;;
|
;;;
|
||||||
|
|
@ -170,7 +171,10 @@
|
||||||
|
|
||||||
(define (ssl-options? x)
|
(define (ssl-options? x)
|
||||||
(and (list? x)
|
(and (list? x)
|
||||||
(and-map (lambda (elt) (memq elt '(AllowRC4 AllowSSL3))) x)))
|
(and-map (lambda (elt) (memq elt '(AllowRC4
|
||||||
|
AllowSSL3
|
||||||
|
DenyCBC
|
||||||
|
DenyTLS1.0))) x)))
|
||||||
(define (serialize-ssl-options field-name val)
|
(define (serialize-ssl-options field-name val)
|
||||||
(serialize-field field-name
|
(serialize-field field-name
|
||||||
(match val
|
(match val
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue