[cups-devel] [HIGH] STR #4476: CUPS needs a way to control the use of cipher suites and protocol versions
Tim Waugh
noreply at cups.org
Tue Jan 13 03:02:38 PST 2015
[STR Resolved]
So in older versions it was advertised in error? e.g. this change from
2012:
@@ -3690,7 +4714,7 @@ http_send(http_t *http, /* I - Connection
to ser
ver */
if (http->encryption == HTTP_ENCRYPT_REQUIRED && !http->tls)
{
httpSetField(http, HTTP_FIELD_CONNECTION, "Upgrade");
- - httpSetField(http, HTTP_FIELD_UPGRADE, "TLS/1.0,SSL/2.0,SSL/3.0");
+ httpSetField(http, HTTP_FIELD_UPGRADE, "TLS/1.2,TLS/1.1,TLS/1.0");
}
#endif /* HAVE_SSL */
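Review bot: the value passed for HTTP_FIELD_UPGRADE on the `+` line is still a fixed string literal, "TLS/1.2,TLS/1.1,TLS/1.0", so the advertised list cannot follow whichever protocol versions the TLS layer is set up to accept, which is the control this STR asks for. Consider building the token list from the configured versions, or at minimum add a comment that the string must be kept in step with the TLS setup code. The removed line shows how such a literal goes stale: it still named SSL/2.0 and SSL/3.0.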
Also, a usersys.c question: shouldn't cupsSetEncryption() also call
_cupsSetDefaults() if the defaults haven't yet been set? i.e. something
like:
@@ -257,6 +258,9 @@ cupsSetEncryption(http_encryption_t e) /
_cups_globals_t *cg = _cupsGlobals(); /* Pointer to library
globals */
+ if (cg->encryption == (http_encryption_t)-1)
+ _cupsSetDefaults();
+
cg->encryption = e;
if (cg->http)
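Review bot: the added test `cg->encryption == (http_encryption_t)-1` uses a bare cast of -1 as the "not yet set" marker, and nothing in the hunk says where that value is assigned. Use a named constant shared with the initializer, and add a comment explaining that _cupsSetDefaults() is called here so the defaults are loaded before `cg->encryption = e;` stores the caller's value. It is also worth checking what happens when a caller passes that same value as `e`, since the assignment would put the marker back.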
Link: https://www.cups.org/str.php?L4476
Version: 1.4.2
Fix Version: 2.1-current (r12215)