NAME<\/a> client.conf \u2212 client configuration file for cups (deprecated on macos)<\/p>\n The client.conf<\/b> file configures the CUPS client and is normally located in the \/etc\/cups<\/i> and\/or ~\/.cups<\/i> directories. Each line in the file can be a configuration directive, a blank line, or a comment. Comment lines start with the # character.<\/p>\n Note:<\/b> Starting with macOS 10.7, this file is only used by command-line and X11 applications plus the IPP backend. The ServerName<\/b> directive is not supported on macOS at all. Starting with macOS 10.12, all applications can access these settings in the \/Library\/Preferences\/org.cups.PrintingPrefs.plist<\/i> file instead. See the NOTES section below for more information.<\/p>\n DIRECTIVES<\/b> Specifies whether to allow TLS with certificates that have not been signed by a trusted Certificate Authority. The default is “Yes”.<\/p>\n AllowExpiredCerts Yes Specifies whether to allow TLS with expired certificates. The default is “No”.<\/p>\n DigestOptions DenyMD5 Specifies HTTP Digest authentication options. DenyMD5<\/b> disables support for the original MD5 hash algorithm.<\/p>\n Encryption IfRequested Specifies the level of encryption that should be used.<\/p>\n GSSServiceName<\/b> name<\/i><\/p>\n Specifies the Kerberos service name that is used for authentication, typically “host”, “http”, or “ipp”. CUPS adds the remote hostname (“name@server.example.com”) for you. The default name is “http”.<\/p>\n ServerName<\/b> hostname-or-ip-address<\/i>[:port<\/i>] Specifies the address and optionally the port to use when connecting to the server. Note: This directive is not supported on macOS 10.7 or later.<\/b><\/p>\n ServerName<\/b> hostname-or-ip-address<\/i>[:port<\/i>]\/version=1.1<\/b><\/p>\n Specifies the address and optionally the port to use when connecting to a server running CUPS 1.3.12 and earlier.<\/p>\n SSLOptions<\/b> [AllowDH<\/i>] [AllowRC4<\/i>] [AllowSSL3<\/i>] [DenyCBC<\/i>] [DenyTLS1.0<\/i>] Sets encryption options (only in \/etc\/cups\/client.conf). By default, CUPS only supports encryption using TLS v1.0 or higher using known secure cipher suites. Security is reduced when Allow<\/i> options are used. Security is enhanced when Deny<\/i> options are used. The AllowDH<\/i> option enables cipher suites using plain Diffie-Hellman key negotiation (not supported on systems using GNU TLS). The AllowRC4<\/i> option enables the 128-bit RC4 cipher suites, which are required for some older clients. The AllowSSL3<\/i> option enables SSL v3.0, which is required for some older clients that do not support TLS v1.0. The DenyCBC<\/i> option disables all CBC cipher suites. The DenyTLS1.0<\/i> option disables TLS v1.0 support – this sets the minimum protocol version to TLS v1.1. The MinTLS<\/i> options set the minimum TLS version to support. The MaxTLS<\/i> options set the maximum TLS version to support. Not all operating systems support TLS 1.3 at this time.<\/p>\n TrustOnFirstUse Yes Specifies whether to trust new TLS certificates by default. The default is “Yes”.<\/p>\n User<\/b> name<\/i><\/p>\n Specifies the default user name to use for requests.<\/p>\n UserAgentTokens None Specifies what information is included in the User-Agent header of HTTP requests. “None” disables the User-Agent header. “ProductOnly” reports “CUPS”. “Major” reports “CUPS\/major IPP\/2”. “Minor” reports “CUPS\/major.minor IPP\/2.1”. “Minimal” reports “CUPS\/major.minor.patch IPP\/2.1”. “OS” reports “CUPS\/major.minor.path (osname osversion) IPP\/2.1”. “Full” reports “CUPS\/major.minor.path (osname osversion; architecture) IPP\/2.1”. The default is “Minimal”.<\/p>\n ValidateCerts Yes Specifies whether to only allow TLS with certificates whose common name matches the hostname. The default is “No”.<\/p>\n The client.conf<\/b> file is deprecated on macOS and will no longer be supported in a future version of CUPS. Configuration settings can instead be viewed or changed using the defaults<\/b>(1) command: defaults read \/Library\/Preferences\/org.cups.PrintingPrefs.plist Encryption
DESCRIPTION<\/a>
NOTES<\/a>
SEE ALSO<\/a>
COPYRIGHT<\/a> <\/p>\n
\nNAME <\/a> <\/h2>\n
DESCRIPTION <\/a> <\/h2>\n
The following directives are understood by the client. Consult the online help for detailed descriptions:
AllowAnyRoot Yes
AllowAnyRoot No<\/b><\/p>\n
AllowExpiredCerts No<\/b><\/p>\n
DigestOptions None<\/b><\/p>\n
Encryption Never
Encryption Required<\/b><\/p>\n
ServerName<\/b> \/domain\/socket<\/i><\/p>\n
[MaxTLS1.0<\/i>] [MaxTLS1.1<\/i>] [MaxTLS1.2<\/i>] [MaxTLS1.3<\/i>] [MinTLS1.0<\/i>] [MinTLS1.1<\/i>]
[MinTLS1.2<\/i>] [MinTLS1.3<\/i>]
SSLOptions None<\/b><\/p>\n
TrustOnFirstUse No<\/b><\/p>\n
UserAgentTokens ProductOnly
UserAgentTokens Major
UserAgentTokens Minor
UserAgentTokens Minimal
UserAgentTokens OS
UserAgentTokens Full<\/b><\/p>\n
ValidateCerts No<\/b><\/p>\nNOTES <\/a> <\/h2>\n
defaults write \/Library\/Preferences\/org.cups.PrintingPrefs.plist Encryption Required
defaults write \/Library\/Preferences\/org.cups.PrintingPrefs.plist TrustOnFirstUse -bool NO<\/p>\n
On Linux and other systems using GNU TLS, the \/etc\/cups\/ssl\/site.crl<\/i> file, if present, provides a list of revoked X.509 certificates and is used when validating certificates.<\/p>\nSEE ALSO <\/a> <\/h2>\n