CUPS: [Client 1] Unable to encrypt connection: An illegal parameter has been received.

From: O. Hartmann <ohartmann_at_walstatt.org>
Date: Wed, 16 Jan 2019 15:23:40 +0100
We have an experimental IPV6 network and within this network, FreebSD CURRENT
(r343087) is acting as a CUPS print server, while a bunch FreeBSD 12-STABLE
boxes are CUPS clients.

The setup, so far, worked with IPv4. Introducing IPv6 addresses on both server
and host results in the error

[Client 1] Unable to encrypt connection: An illegal parameter has been received.

In file cups/client.conf we address the appropriate printer via

ipps://xxx.xxx.xxx.xxx/printers/printer_name (IPv4 of the CUPS server host)

This works fine.

But ipps://[XXXX:XXXX:XXXX::XXXX]/printers/printer_name (IPv6 of the CUPS
server host) doesn't work and results in the error on the server as shown above.

I fiddled also around with the SSLOption parameter in client.conf and parallel,
to match requiremets, in cups/cupsd.conf of the server host - with no effect.

On the server side, it seems that all the documents I could pick up from
cups.org or Apple do not specify any IPv6 address in an "Allow from" statement:
everything seems to be stuck with IPv4. While the cupsd.conf SSLListen option
is for IPv6

SSLListen [fd01:dead:beef::affe]:631

which works, I get an error when trying to put anything IPv6-similar with the
convention with the brackets "[" and "]" in a "Allow from" option in the
sections where I need to restrict access. An IPv6 without "[" and "]" seems to
be accepted - but when coemmnting out ANY IPv4 address and leaving only IPV6 in
the "Allow from " statement, no remote connection is allowed.

This drives me nuts. Since the aim will be to have a printing facility within a
IPv6 only network, I feel a bit lost.

Does anyone have had similar problems?

Regards,

Oliver
Received on Wed Jan 16 2019 - 13:23:57 UTC

This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:41:19 UTC