From 9e3ef6f3e37aa65f25cbe025106324144ed42b3d Mon Sep 17 00:00:00 2001 From: Tobias Geerinckx-Rice Date: Tue, 27 Aug 2019 08:58:17 +0200 Subject: services: cups: Update SSL-OPTIONS docstring. This follows up on commit f9c1ebdb7daea30ceaf73f43bf15c222dc4a58ad. * gnu/services/cups.scm (cups-configuration): Update docstring. --- gnu/services/cups.scm | 15 +++++++++------ 1 file changed, 9 insertions(+), 6 deletions(-) (limited to 'gnu') diff --git a/gnu/services/cups.scm b/gnu/services/cups.scm index c20244cb32..e77c43bfbf 100644 --- a/gnu/services/cups.scm +++ b/gnu/services/cups.scm @@ -809,12 +809,15 @@ an IPv6 address enclosed in brackets, an IPv4 address, or @code{*} to indicate all addresses.") (ssl-options (ssl-options '()) - "Sets encryption options. -By default, CUPS only supports encryption using TLS v1.0 or higher using known -secure cipher suites. The @code{AllowRC4} option enables the 128-bit RC4 -cipher suites, which are required for some older clients that do not implement -newer ones. The @code{AllowSSL3} option enables SSL v3.0, which is required -for some older clients that do not support TLS v1.0.") + "Sets encryption options. By default, CUPS only supports encryption +using TLS v1.0 or higher using known secure cipher suites. Security is +reduced when @code{Allow} options are used, and enhanced when @code{Deny} +options are used. The @code{AllowRC4} option enables the 128-bit RC4 cipher +suites, which are required for some older clients. The @code{AllowSSL3} option +enables SSL v3.0, which is required for some older clients that do not support +TLS v1.0. The @code{DenyCBC} option disables all CBC cipher suites. The +@code{DenyTLS1.0} option disables TLS v1.0 support - this sets the minimum +protocol version to TLS v1.1.") #; (ssl-port (non-negative-integer 631) -- cgit v1.2.3