aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorTobias Geerinckx-Rice <me@tobias.gr>2019-08-27 08:58:17 +0200
committerTobias Geerinckx-Rice <me@tobias.gr>2019-08-27 08:58:37 +0200
commit9e3ef6f3e37aa65f25cbe025106324144ed42b3d (patch)
treeb6ca031d879cce8fecc4a6d861157f7d8b4dbb8c
parent07272bd8e0809de2dcfc068244c5218506418a10 (diff)
downloadguix-9e3ef6f3e37aa65f25cbe025106324144ed42b3d.tar.gz
guix-9e3ef6f3e37aa65f25cbe025106324144ed42b3d.zip
services: cups: Update SSL-OPTIONS docstring.
This follows up on commit f9c1ebdb7daea30ceaf73f43bf15c222dc4a58ad. * gnu/services/cups.scm (cups-configuration)<ssl-options>: Update docstring.
-rw-r--r--gnu/services/cups.scm15
1 files changed, 9 insertions, 6 deletions
diff --git a/gnu/services/cups.scm b/gnu/services/cups.scm
index c20244cb32..e77c43bfbf 100644
--- a/gnu/services/cups.scm
+++ b/gnu/services/cups.scm
@@ -809,12 +809,15 @@ an IPv6 address enclosed in brackets, an IPv4 address, or @code{*} to indicate
all addresses.")
(ssl-options
(ssl-options '())
- "Sets encryption options.
-By default, CUPS only supports encryption using TLS v1.0 or higher using known
-secure cipher suites. The @code{AllowRC4} option enables the 128-bit RC4
-cipher suites, which are required for some older clients that do not implement
-newer ones. The @code{AllowSSL3} option enables SSL v3.0, which is required
-for some older clients that do not support TLS v1.0.")
+ "Sets encryption options. By default, CUPS only supports encryption
+using TLS v1.0 or higher using known secure cipher suites. Security is
+reduced when @code{Allow} options are used, and enhanced when @code{Deny}
+options are used. The @code{AllowRC4} option enables the 128-bit RC4 cipher
+suites, which are required for some older clients. The @code{AllowSSL3} option
+enables SSL v3.0, which is required for some older clients that do not support
+TLS v1.0. The @code{DenyCBC} option disables all CBC cipher suites. The
+@code{DenyTLS1.0} option disables TLS v1.0 support - this sets the minimum
+protocol version to TLS v1.1.")
#;
(ssl-port
(non-negative-integer 631)