Configure CUPS to support encryption, by doing the following: - Set ServerName to the cert CN - Set ServerCert and ServerKey for cert - Bind by saying SSLListen 0.0.0.0:631 In client.conf set ServerName and Encryption Always Set up a printer that uses the IPP protocol, or HTTP (same effect). See that the URL printed to by CUPS is encrypted, when the printer does not support encryption, nor has the user expressed any desire to make a secure connection to the printer: Device URI: https://192.168.200.153:631/ipp/PORT1 The error message given when printing is attempted is the very Microsoft-esque: "Unable to connect to IPP host: Success" The result: printing to non-SSL IPP printers is impossible when CUPS is configured to support SSL.
Changing product and version.
Is 'Encryption IfRequested' any better?
Encryption IfRequested leaves the option open for printing to occur without encryption, which is against our access policy for services that are accessible over the internet :(
But you wanted printing to occur without encryption: "printing to non-SSL IPP printers" is exactly that, surely? I think maybe I'm not understanding the set-up you have. Can you give the various devices in the scenario names, so that I can see more clearly what you mean?
Client XXX --IPP+SSL--> CUPS Server --IPP--> Ricoh IPP enabled printer The connection right now this minute client XXX is talking to the CUPS server using IPP+SSL (Specified using Encryption Required). The connection right now this minute CUPS server is talking to the Ricoh printer via LPR, because this works at the moment. The minute you try to change the protocol that CUPS uses to talk to the Ricoh printer from LPR to IPP (non secure IPP, as the Ricoh printer to our knowledge does not support SSL) CUPS insists on using IPP+SSL to talk to the Ricoh printer. The Ricoh printer cannot understand IPP+SSL, and the job never arrives on the printer. It seems that if the IPP connection between client XXX and CUPS is SSL enabled, CUPS wants to make the IPP connection between the CUPS server and the Ricoh printer SSL enabled as well, even though SSL for the connection to the printer is neither enabled in the config of CUPS, nor supported by the Ricoh printer.
This bug is filed against RHEL 3, which is in maintenance phase. During the maintenance phase, only security errata and select mission critical bug fixes will be released for enterprise products. Since this bug does not meet that criteria, it is now being closed. For more information of the RHEL errata support policy, please visit: http://www.redhat.com/security/updates/errata/ If you feel this bug is indeed mission critical, please contact your support representative. You may be asked to provide detailed information on how this bug is affecting you.