[cups-devel] [HIGH] STR #4476: CUPS needs a way to control the use of cipher suites and protocol versions

Tim Waugh noreply at cups.org
Tue Jan 13 03:02:38 PST 2015


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

DO NOT REPLY TO THIS MESSAGE.  INSTEAD, POST ANY RESPONSES TO THE LINK BELOW.

[STR Resolved]

So in older versions it was advertised in error? e.g. this change from
2012:

@@ -3690,7 +4714,7 @@ http_send(http_t       *http,     /* I - Connection
to ser
ver */
   if (http->encryption == HTTP_ENCRYPT_REQUIRED && !http->tls)
   {
     httpSetField(http, HTTP_FIELD_CONNECTION, "Upgrade");
- -    httpSetField(http, HTTP_FIELD_UPGRADE, "TLS/1.0,SSL/2.0,SSL/3.0");
+    httpSetField(http, HTTP_FIELD_UPGRADE, "TLS/1.2,TLS/1.1,TLS/1.0");
   }
 #endif /* HAVE_SSL */
 
Also, a usersys.c question: shouldn't cupsSetEncryption() also call
_cupsSetDefaults() if the defaults haven't yet been set? i.e. something
like:

@@ -257,6 +258,9 @@ cupsSetEncryption(http_encryption_t e)      /
   _cups_globals_t *cg = _cupsGlobals();        /* Pointer to library
globals */
 
 
+  if (cg->encryption == (http_encryption_t)-1)
+    _cupsSetDefaults();
+
   cg->encryption = e;
 
   if (cg->http)

Link: https://www.cups.org/str.php?L4476
Version: 1.4.2
Fix Version: 2.1-current (r12215)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.14 (GNU/Linux)
Comment: GPGTools - https://gpgtools.org

iQIcBAEBCgAGBQJUtPtOAAoJENujp6sI12IjO0AP/0ZE67FL3ZaHNyoCrPG4F/an
K+WThWgtpHwIydjGDzagQZX5xVvIny74R/vbbXquTyevSgC9tauZAhuRjDuyhxFf
7oqnrpRsRaKq3rQYUzM6M9dsio6IqOr6fdbYEhFQerDfKOw9HCmhaENogwy2tUgo
HkB6EsaTIeGeH33r6DPZqnAcPPC2ddYIzvd+i1V31RPsZV4cspntNcZIrWTMV7kS
+h65YHCcgvcb3f5x1TQb4JVmrBIxTpRWgPgc3cEuONxQlK5aPHL0cUJKGxnxGY0n
hW2WA4Lxmjb9L49mWApUYJXaMSz5tGGTs+/xz20o4vPDRMjHzVQWjywMlkelVVGM
5yaQjMfv8Q8gW2c4+bQbAxEEap8gu8SxCZjL+ZtLtPMTVN8QifMg/X8D+lt3LHAA
Ry+Wog3aNxGBBjI1XwUkbyF2R1R1Fv/s7882gex6qbePMozXI2MIz0NTewk7WRMF
a7t3IP+1NwN4GC0rx+M/obJCnx20t8FwEYxv7Ct8HsDiy6LdTTV0L99LNw9vVpmY
soSAnsdGgMYy6tQl0vgyhRVFBvTyJWG9PDTCQ6H2hxwlbPkCTdaY4YEkgn34Ht+l
+4iQfsBeRtcn+/ixsAVAn4Vh0DqAj7Fn43gt+CYaIo6XQWgy/kyg+inThOYBqVp5
L4jNHYJpNYoZdGkQwRmD
=heBC
-----END PGP SIGNATURE-----




More information about the cups-devel mailing list