2 * "$Id: tlscheck.c 12688 2015-06-03 17:31:30Z msweet $"
4 * TLS check program for CUPS.
6 * Copyright 2007-2015 by Apple Inc.
7 * Copyright 1997-2006 by Easy Software Products.
9 * These coded instructions, statements, and computer programs are the
10 * property of Apple Inc. and are protected by Federal copyright
11 * law. Distribution and use rights are outlined in the file "LICENSE.txt"
12 * which should have been included with this file. If this file is
13 * file is missing or damaged, see the license at "http://www.cups.org/".
15 * This file is subject to the Apple OS-Developed Software exception.
19 * Include necessary headers...
22 #include "cups-private.h"
26 int main(void) { puts("Sorry, no TLS support compiled in."); return (1); }
33 static void usage(void);
37 * 'main()' - Main entry.
40 int /* O - Exit status */
41 main(int argc, /* I - Number of command-line arguments */
42 char *argv[]) /* I - Command-line arguments */
44 int i; /* Looping var */
45 http_t *http; /* HTTP connection */
46 const char *server = NULL; /* Hostname from command-line */
47 int port = 0; /* Port number */
48 const char *cipherName = "UNKNOWN";/* Cipher suite name */
49 int dhBits = 0; /* Diffie-Hellman bits */
50 int tlsVersion = 0; /* TLS version number */
51 char uri[1024], /* Printer URI */
52 scheme[32], /* URI scheme */
53 host[256], /* Hostname */
54 userpass[256], /* Username/password */
55 resource[256]; /* Resource path */
56 int tls_options = _HTTP_TLS_NONE,
58 verbose = 0; /* Verbosity */
59 ipp_t *request, /* IPP Get-Printer-Attributes request */
60 *response; /* IPP Get-Printer-Attributes response */
61 ipp_attribute_t *attr; /* Current attribute */
62 const char *name; /* Attribute name */
63 char value[1024]; /* Attribute (string) value */
64 static const char * const pattrs[] = /* Requested attributes */
67 "compression-supported",
68 "document-format-supported",
71 "printer-make-and-model",
73 "printer-state-reasons",
75 "uri-authentication-supported",
76 "uri-security-supported"
80 for (i = 1; i < argc; i ++)
82 if (!strcmp(argv[i], "--dh"))
84 tls_options |= _HTTP_TLS_ALLOW_DH;
86 else if (!strcmp(argv[i], "--no-tls10"))
88 tls_options |= _HTTP_TLS_DENY_TLS10;
90 else if (!strcmp(argv[i], "--rc4"))
92 tls_options |= _HTTP_TLS_ALLOW_RC4;
94 else if (!strcmp(argv[i], "--verbose") || !strcmp(argv[i], "-v"))
98 else if (argv[i][0] == '-')
100 printf("tlscheck: Unknown option '%s'.\n", argv[i]);
105 if (!strncmp(argv[i], "ipps://", 7))
107 httpSeparateURI(HTTP_URI_CODING_ALL, argv[i], scheme, sizeof(scheme), userpass, sizeof(userpass), host, sizeof(host), &port, resource, sizeof(resource));
113 strlcpy(resource, "/ipp/print", sizeof(resource));
116 else if (!port && (argv[i][0] == '=' || isdigit(argv[i][0] & 255)))
118 if (argv[i][0] == '=')
119 port = atoi(argv[i] + 1);
121 port = atoi(argv[i]);
125 printf("tlscheck: Unexpected argument '%s'.\n", argv[i]);
136 _httpTLSSetOptions(tls_options);
138 http = httpConnect2(server, port, NULL, AF_UNSPEC, HTTP_ENCRYPTION_ALWAYS, 1, 30000, NULL);
141 printf("%s: ERROR (%s)\n", server, cupsLastErrorString());
146 SSLProtocol protocol;
147 SSLCipherSuite cipher;
148 char unknownCipherName[256];
149 int paramsNeeded = 0;
154 if ((err = SSLGetNegotiatedProtocolVersion(http->tls, &protocol)) != noErr)
156 printf("%s: ERROR (No protocol version - %d)\n", server, (int)err);
172 case kTLSProtocol11 :
175 case kTLSProtocol12 :
180 if ((err = SSLGetNegotiatedCipher(http->tls, &cipher)) != noErr)
182 printf("%s: ERROR (No cipher suite - %d)\n", server, (int)err);
189 case TLS_NULL_WITH_NULL_NULL:
190 cipherName = "TLS_NULL_WITH_NULL_NULL";
192 case TLS_RSA_WITH_NULL_MD5:
193 cipherName = "TLS_RSA_WITH_NULL_MD5";
195 case TLS_RSA_WITH_NULL_SHA:
196 cipherName = "TLS_RSA_WITH_NULL_SHA";
198 case TLS_RSA_WITH_RC4_128_MD5:
199 cipherName = "TLS_RSA_WITH_RC4_128_MD5";
201 case TLS_RSA_WITH_RC4_128_SHA:
202 cipherName = "TLS_RSA_WITH_RC4_128_SHA";
204 case TLS_RSA_WITH_3DES_EDE_CBC_SHA:
205 cipherName = "TLS_RSA_WITH_3DES_EDE_CBC_SHA";
207 case TLS_RSA_WITH_NULL_SHA256:
208 cipherName = "TLS_RSA_WITH_NULL_SHA256";
210 case TLS_RSA_WITH_AES_128_CBC_SHA256:
211 cipherName = "TLS_RSA_WITH_AES_128_CBC_SHA256";
213 case TLS_RSA_WITH_AES_256_CBC_SHA256:
214 cipherName = "TLS_RSA_WITH_AES_256_CBC_SHA256";
216 case TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA:
217 cipherName = "TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA";
220 case TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA:
221 cipherName = "TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA";
224 case TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA:
225 cipherName = "TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA";
228 case TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA:
229 cipherName = "TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA";
232 case TLS_DH_DSS_WITH_AES_128_CBC_SHA256:
233 cipherName = "TLS_DH_DSS_WITH_AES_128_CBC_SHA256";
236 case TLS_DH_RSA_WITH_AES_128_CBC_SHA256:
237 cipherName = "TLS_DH_RSA_WITH_AES_128_CBC_SHA256";
240 case TLS_DHE_DSS_WITH_AES_128_CBC_SHA256:
241 cipherName = "TLS_DHE_DSS_WITH_AES_128_CBC_SHA256";
244 case TLS_DHE_RSA_WITH_AES_128_CBC_SHA256:
245 cipherName = "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256";
248 case TLS_DH_DSS_WITH_AES_256_CBC_SHA256:
249 cipherName = "TLS_DH_DSS_WITH_AES_256_CBC_SHA256";
252 case TLS_DH_RSA_WITH_AES_256_CBC_SHA256:
253 cipherName = "TLS_DH_RSA_WITH_AES_256_CBC_SHA256";
256 case TLS_DHE_DSS_WITH_AES_256_CBC_SHA256:
257 cipherName = "TLS_DHE_DSS_WITH_AES_256_CBC_SHA256";
260 case TLS_DHE_RSA_WITH_AES_256_CBC_SHA256:
261 cipherName = "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256";
264 case TLS_DH_anon_WITH_RC4_128_MD5:
265 cipherName = "TLS_DH_anon_WITH_RC4_128_MD5";
268 case TLS_DH_anon_WITH_3DES_EDE_CBC_SHA:
269 cipherName = "TLS_DH_anon_WITH_3DES_EDE_CBC_SHA";
272 case TLS_DH_anon_WITH_AES_128_CBC_SHA256:
273 cipherName = "TLS_DH_anon_WITH_AES_128_CBC_SHA256";
276 case TLS_DH_anon_WITH_AES_256_CBC_SHA256:
277 cipherName = "TLS_DH_anon_WITH_AES_256_CBC_SHA256";
280 case TLS_PSK_WITH_RC4_128_SHA:
281 cipherName = "TLS_PSK_WITH_RC4_128_SHA";
283 case TLS_PSK_WITH_3DES_EDE_CBC_SHA:
284 cipherName = "TLS_PSK_WITH_3DES_EDE_CBC_SHA";
286 case TLS_PSK_WITH_AES_128_CBC_SHA:
287 cipherName = "TLS_PSK_WITH_AES_128_CBC_SHA";
289 case TLS_PSK_WITH_AES_256_CBC_SHA:
290 cipherName = "TLS_PSK_WITH_AES_256_CBC_SHA";
292 case TLS_DHE_PSK_WITH_RC4_128_SHA:
293 cipherName = "TLS_DHE_PSK_WITH_RC4_128_SHA";
296 case TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA:
297 cipherName = "TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA";
300 case TLS_DHE_PSK_WITH_AES_128_CBC_SHA:
301 cipherName = "TLS_DHE_PSK_WITH_AES_128_CBC_SHA";
304 case TLS_DHE_PSK_WITH_AES_256_CBC_SHA:
305 cipherName = "TLS_DHE_PSK_WITH_AES_256_CBC_SHA";
308 case TLS_RSA_PSK_WITH_RC4_128_SHA:
309 cipherName = "TLS_RSA_PSK_WITH_RC4_128_SHA";
311 case TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA:
312 cipherName = "TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA";
314 case TLS_RSA_PSK_WITH_AES_128_CBC_SHA:
315 cipherName = "TLS_RSA_PSK_WITH_AES_128_CBC_SHA";
317 case TLS_RSA_PSK_WITH_AES_256_CBC_SHA:
318 cipherName = "TLS_RSA_PSK_WITH_AES_256_CBC_SHA";
320 case TLS_PSK_WITH_NULL_SHA:
321 cipherName = "TLS_PSK_WITH_NULL_SHA";
323 case TLS_DHE_PSK_WITH_NULL_SHA:
324 cipherName = "TLS_DHE_PSK_WITH_NULL_SHA";
327 case TLS_RSA_PSK_WITH_NULL_SHA:
328 cipherName = "TLS_RSA_PSK_WITH_NULL_SHA";
330 case TLS_RSA_WITH_AES_128_GCM_SHA256:
331 cipherName = "TLS_RSA_WITH_AES_128_GCM_SHA256";
333 case TLS_RSA_WITH_AES_256_GCM_SHA384:
334 cipherName = "TLS_RSA_WITH_AES_256_GCM_SHA384";
336 case TLS_DHE_RSA_WITH_AES_128_GCM_SHA256:
337 cipherName = "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256";
340 case TLS_DHE_RSA_WITH_AES_256_GCM_SHA384:
341 cipherName = "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384";
344 case TLS_DH_RSA_WITH_AES_128_GCM_SHA256:
345 cipherName = "TLS_DH_RSA_WITH_AES_128_GCM_SHA256";
348 case TLS_DH_RSA_WITH_AES_256_GCM_SHA384:
349 cipherName = "TLS_DH_RSA_WITH_AES_256_GCM_SHA384";
352 case TLS_DHE_DSS_WITH_AES_128_GCM_SHA256:
353 cipherName = "TLS_DHE_DSS_WITH_AES_128_GCM_SHA256";
356 case TLS_DHE_DSS_WITH_AES_256_GCM_SHA384:
357 cipherName = "TLS_DHE_DSS_WITH_AES_256_GCM_SHA384";
360 case TLS_DH_DSS_WITH_AES_128_GCM_SHA256:
361 cipherName = "TLS_DH_DSS_WITH_AES_128_GCM_SHA256";
364 case TLS_DH_DSS_WITH_AES_256_GCM_SHA384:
365 cipherName = "TLS_DH_DSS_WITH_AES_256_GCM_SHA384";
368 case TLS_DH_anon_WITH_AES_128_GCM_SHA256:
369 cipherName = "TLS_DH_anon_WITH_AES_128_GCM_SHA256";
372 case TLS_DH_anon_WITH_AES_256_GCM_SHA384:
373 cipherName = "TLS_DH_anon_WITH_AES_256_GCM_SHA384";
376 case TLS_PSK_WITH_AES_128_GCM_SHA256:
377 cipherName = "TLS_PSK_WITH_AES_128_GCM_SHA256";
379 case TLS_PSK_WITH_AES_256_GCM_SHA384:
380 cipherName = "TLS_PSK_WITH_AES_256_GCM_SHA384";
382 case TLS_DHE_PSK_WITH_AES_128_GCM_SHA256:
383 cipherName = "TLS_DHE_PSK_WITH_AES_128_GCM_SHA256";
386 case TLS_DHE_PSK_WITH_AES_256_GCM_SHA384:
387 cipherName = "TLS_DHE_PSK_WITH_AES_256_GCM_SHA384";
390 case TLS_RSA_PSK_WITH_AES_128_GCM_SHA256:
391 cipherName = "TLS_RSA_PSK_WITH_AES_128_GCM_SHA256";
393 case TLS_RSA_PSK_WITH_AES_256_GCM_SHA384:
394 cipherName = "TLS_RSA_PSK_WITH_AES_256_GCM_SHA384";
396 case TLS_PSK_WITH_AES_128_CBC_SHA256:
397 cipherName = "TLS_PSK_WITH_AES_128_CBC_SHA256";
399 case TLS_PSK_WITH_AES_256_CBC_SHA384:
400 cipherName = "TLS_PSK_WITH_AES_256_CBC_SHA384";
402 case TLS_PSK_WITH_NULL_SHA256:
403 cipherName = "TLS_PSK_WITH_NULL_SHA256";
405 case TLS_PSK_WITH_NULL_SHA384:
406 cipherName = "TLS_PSK_WITH_NULL_SHA384";
408 case TLS_DHE_PSK_WITH_AES_128_CBC_SHA256:
409 cipherName = "TLS_DHE_PSK_WITH_AES_128_CBC_SHA256";
412 case TLS_DHE_PSK_WITH_AES_256_CBC_SHA384:
413 cipherName = "TLS_DHE_PSK_WITH_AES_256_CBC_SHA384";
416 case TLS_DHE_PSK_WITH_NULL_SHA256:
417 cipherName = "TLS_DHE_PSK_WITH_NULL_SHA256";
420 case TLS_DHE_PSK_WITH_NULL_SHA384:
421 cipherName = "TLS_DHE_PSK_WITH_NULL_SHA384";
424 case TLS_RSA_PSK_WITH_AES_128_CBC_SHA256:
425 cipherName = "TLS_RSA_PSK_WITH_AES_128_CBC_SHA256";
427 case TLS_RSA_PSK_WITH_AES_256_CBC_SHA384:
428 cipherName = "TLS_RSA_PSK_WITH_AES_256_CBC_SHA384";
430 case TLS_RSA_PSK_WITH_NULL_SHA256:
431 cipherName = "TLS_RSA_PSK_WITH_NULL_SHA256";
433 case TLS_RSA_PSK_WITH_NULL_SHA384:
434 cipherName = "TLS_RSA_PSK_WITH_NULL_SHA384";
436 case TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256:
437 cipherName = "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256";
440 case TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384:
441 cipherName = "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384";
444 case TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256:
445 cipherName = "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256";
448 case TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384:
449 cipherName = "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384";
452 case TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256:
453 cipherName = "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256";
456 case TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384:
457 cipherName = "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384";
460 case TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256:
461 cipherName = "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256";
464 case TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384:
465 cipherName = "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384";
468 case TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256:
469 cipherName = "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256";
472 case TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384:
473 cipherName = "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384";
476 case TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256:
477 cipherName = "TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256";
480 case TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384:
481 cipherName = "TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384";
484 case TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256:
485 cipherName = "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256";
488 case TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384:
489 cipherName = "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384";
492 case TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256:
493 cipherName = "TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256";
496 case TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384:
497 cipherName = "TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384";
500 case TLS_RSA_WITH_AES_128_CBC_SHA:
501 cipherName = "TLS_RSA_WITH_AES_128_CBC_SHA";
503 case TLS_DH_DSS_WITH_AES_128_CBC_SHA:
504 cipherName = "TLS_DH_DSS_WITH_AES_128_CBC_SHA";
507 case TLS_DH_RSA_WITH_AES_128_CBC_SHA:
508 cipherName = "TLS_DH_RSA_WITH_AES_128_CBC_SHA";
511 case TLS_DHE_DSS_WITH_AES_128_CBC_SHA:
512 cipherName = "TLS_DHE_DSS_WITH_AES_128_CBC_SHA";
515 case TLS_DHE_RSA_WITH_AES_128_CBC_SHA:
516 cipherName = "TLS_DHE_RSA_WITH_AES_128_CBC_SHA";
519 case TLS_DH_anon_WITH_AES_128_CBC_SHA:
520 cipherName = "TLS_DH_anon_WITH_AES_128_CBC_SHA";
523 case TLS_RSA_WITH_AES_256_CBC_SHA:
524 cipherName = "TLS_RSA_WITH_AES_256_CBC_SHA";
526 case TLS_DH_DSS_WITH_AES_256_CBC_SHA:
527 cipherName = "TLS_DH_DSS_WITH_AES_256_CBC_SHA";
530 case TLS_DH_RSA_WITH_AES_256_CBC_SHA:
531 cipherName = "TLS_DH_RSA_WITH_AES_256_CBC_SHA";
534 case TLS_DHE_DSS_WITH_AES_256_CBC_SHA:
535 cipherName = "TLS_DHE_DSS_WITH_AES_256_CBC_SHA";
538 case TLS_DHE_RSA_WITH_AES_256_CBC_SHA:
539 cipherName = "TLS_DHE_RSA_WITH_AES_256_CBC_SHA";
542 case TLS_DH_anon_WITH_AES_256_CBC_SHA:
543 cipherName = "TLS_DH_anon_WITH_AES_256_CBC_SHA";
546 case TLS_ECDH_ECDSA_WITH_NULL_SHA:
547 cipherName = "TLS_ECDH_ECDSA_WITH_NULL_SHA";
550 case TLS_ECDH_ECDSA_WITH_RC4_128_SHA:
551 cipherName = "TLS_ECDH_ECDSA_WITH_RC4_128_SHA";
554 case TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA:
555 cipherName = "TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA";
558 case TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA:
559 cipherName = "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA";
562 case TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA:
563 cipherName = "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA";
566 case TLS_ECDHE_ECDSA_WITH_NULL_SHA:
567 cipherName = "TLS_ECDHE_ECDSA_WITH_NULL_SHA";
570 case TLS_ECDHE_ECDSA_WITH_RC4_128_SHA:
571 cipherName = "TLS_ECDHE_ECDSA_WITH_RC4_128_SHA";
574 case TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA:
575 cipherName = "TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA";
578 case TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA:
579 cipherName = "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA";
582 case TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA:
583 cipherName = "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA";
586 case TLS_ECDH_RSA_WITH_NULL_SHA:
587 cipherName = "TLS_ECDH_RSA_WITH_NULL_SHA";
590 case TLS_ECDH_RSA_WITH_RC4_128_SHA:
591 cipherName = "TLS_ECDH_RSA_WITH_RC4_128_SHA";
594 case TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA:
595 cipherName = "TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA";
598 case TLS_ECDH_RSA_WITH_AES_128_CBC_SHA:
599 cipherName = "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA";
602 case TLS_ECDH_RSA_WITH_AES_256_CBC_SHA:
603 cipherName = "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA";
606 case TLS_ECDHE_RSA_WITH_NULL_SHA:
607 cipherName = "TLS_ECDHE_RSA_WITH_NULL_SHA";
610 case TLS_ECDHE_RSA_WITH_RC4_128_SHA:
611 cipherName = "TLS_ECDHE_RSA_WITH_RC4_128_SHA";
614 case TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA:
615 cipherName = "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA";
618 case TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA:
619 cipherName = "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA";
622 case TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA:
623 cipherName = "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA";
626 case TLS_ECDH_anon_WITH_NULL_SHA:
627 cipherName = "TLS_ECDH_anon_WITH_NULL_SHA";
630 case TLS_ECDH_anon_WITH_RC4_128_SHA:
631 cipherName = "TLS_ECDH_anon_WITH_RC4_128_SHA";
634 case TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA:
635 cipherName = "TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA";
638 case TLS_ECDH_anon_WITH_AES_128_CBC_SHA:
639 cipherName = "TLS_ECDH_anon_WITH_AES_128_CBC_SHA";
642 case TLS_ECDH_anon_WITH_AES_256_CBC_SHA:
643 cipherName = "TLS_ECDH_anon_WITH_AES_256_CBC_SHA";
647 snprintf(unknownCipherName, sizeof(unknownCipherName), "UNKNOWN_%04X", cipher);
648 cipherName = unknownCipherName;
652 if (cipher == TLS_RSA_WITH_RC4_128_MD5 ||
653 cipher == TLS_RSA_WITH_RC4_128_SHA)
655 printf("%s: ERROR (Printers MUST NOT negotiate RC4 cipher suites.)\n", server);
660 if ((err = SSLGetDiffieHellmanParams(http->tls, ¶ms, ¶msLen)) != noErr && paramsNeeded)
662 printf("%s: ERROR (Unable to get Diffie-Hellman parameters - %d)\n", server, (int)err);
667 if (paramsLen < 128 && paramsLen != 0)
669 printf("%s: ERROR (Diffie-Hellman parameters MUST be at least 2048 bits, but Printer uses only %d bits/%d bytes)\n", server, (int)paramsLen * 8, (int)paramsLen);
674 dhBits = (int)paramsLen * 8;
675 #endif /* __APPLE__ */
678 printf("%s: OK (TLS: %d.%d, %s, %d DH bits)\n", server, tlsVersion / 10, tlsVersion % 10, cipherName, dhBits);
680 printf("%s: OK (TLS: %d.%d, %s)\n", server, tlsVersion / 10, tlsVersion % 10, cipherName);
684 httpAssembleURI(HTTP_URI_CODING_ALL, uri, sizeof(uri), "ipps", NULL, host, port, resource);
685 request = ippNewRequest(IPP_OP_GET_PRINTER_ATTRIBUTES);
686 ippAddString(request, IPP_TAG_OPERATION, IPP_TAG_URI, "printer-uri", NULL, uri);
687 ippAddString(request, IPP_TAG_OPERATION, IPP_TAG_NAME, "requesting-user-name", NULL, cupsUser());
688 ippAddStrings(request, IPP_TAG_OPERATION, IPP_TAG_KEYWORD, "requested-attributes", (int)(sizeof(pattrs) / sizeof(pattrs[0])), NULL, pattrs);
690 response = cupsDoRequest(http, request, resource);
692 for (attr = ippFirstAttribute(response); attr; attr = ippNextAttribute(response))
694 if (ippGetGroupTag(attr) != IPP_TAG_PRINTER)
697 if ((name = ippGetName(attr)) == NULL)
700 ippAttributeString(attr, value, sizeof(value));
701 printf(" %s=%s\n", name, value);
714 * 'usage()' - Show program usage.
720 puts("Usage: ./tlscheck [options] server [port]");
721 puts(" ./tlscheck [options] ipps://server[:port]/path");
724 puts(" --dh Allow DH/DHE key exchange");
725 puts(" --no-tls10 Disable TLS/1.0");
726 puts(" --rc4 Allow RC4 encryption");
727 puts(" --verbose Be verbose");
728 puts(" -v Be verbose");
730 puts("The default port is 631.");
734 #endif /* !HAVE_SSL */
738 * End of "$Id: tlscheck.c 12688 2015-06-03 17:31:30Z msweet $".