From owner-freebsd-current@freebsd.org Wed Jan 16 14:23:57 2019 Return-Path: Delivered-To: freebsd-current@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id DC89B148A046 for ; Wed, 16 Jan 2019 14:23:56 +0000 (UTC) (envelope-from ohartmann@walstatt.org) Received: from mout.gmx.net (mout.gmx.net [212.227.17.20]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "mout.gmx.net", Issuer "TeleSec ServerPass DE-2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 9706F6FBA7 for ; Wed, 16 Jan 2019 14:23:55 +0000 (UTC) (envelope-from ohartmann@walstatt.org) Received: from freyja.lan101.bundesimmobilien.intern ([46.88.80.79]) by mail.gmx.com (mrgmx101 [212.227.17.168]) with ESMTPSA (Nemesis) id 0MYbFe-1gndh23sRe-00VNa4 for ; Wed, 16 Jan 2019 15:23:47 +0100 Date: Wed, 16 Jan 2019 15:23:40 +0100 From: "O. Hartmann" To: freebsd-current Subject: CUPS: [Client 1] Unable to encrypt connection: An illegal parameter has been received. Message-ID: <20190116152328.3edb2f74@freyja.lan101.bundesimmobilien.intern> MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit X-Provags-ID: V03:K1:iXPrm2gb7K7I0v+oM/XwRNSLfmsCcbmPowBtsSy1IPIZIX9DVTv vMmN6kQ4xVe38FkwYRwQU9/yhEF/kyRx0xZAuQNP/tE25Os+Bov5htHWrb7kH3gszF4Ym7l Qz1z7adhmtjpbmkcI3o2MbGW/xMSanxlBzeSCD9kkq6fYPJ2vWCJ4ucpc5MDIolyc2v0c3R 9GKatvqebKgVYIglTc+2A== X-Spam-Flag: NO X-UI-Out-Filterresults: notjunk:1;V03:K0:3IeH16Jid3A=:30rt1mIkgdKX7QqPnwd7cM dADM1REm6TU7yBWNdtItEnV9/2rBBNmeSRSLEtVzWxCj31yTOZw0Vt0lo0dsU0YgiSAsZjah8 /+dtxDLTgBTexB2H3fni+5p2RpO1g5BlUxN5M7jmUFtIAFnuGv/Q9x10jf1RGAAXELUImBTY/ 6nlbREmCR8JSD0etI2j9hTMuH5t1ribFUNbodqrwu+ABM6BPNbvCezrWvhJHR/bPyWIwhp4aR X8z1VnCBZ4tjT32WtwIb0MxslMWZNurKGBTiNWkZw7YWminzAysA2Uh7a7wHnhqHSTosOZNOq HHxcz3T0D6qzhIWLbtZGt2RaoDaCW2XOwjzKQjSSLIT3b8NYrBigK7Ixjppa/cIGl4X+s+jlG aNPDaqMm+a+jbqUf12tXex7gTJIHiawOtddaW39DsrymSi+RiVMpmQ4Y+Hxg4gOTFEWMTJrKG igmjQ6ZMIBqmVvQVDxq6lo7IXiC6eZJYfzIoyEHwI/jJRuOrT1gRf2mmDB8RjGDgmy5/tFeHG 3T4VaiVeizGUZK5AMjVXqliCnWvmGHIbfB+0kVSkk2HgnYEpWbjQLTihkl0US4lgYooW1Fj/X h9zHAfkFDz0wODtqZ64Tlshd0p4r9/CA+15NK/q54yDfMVQNpuhS7CMd3OiCjgrW4nLdkIwn8 NS86kPc29Q0heNbgdGCHR8aFUAT6/kKCzR6M6C/guQUKK76eFhcO4ZfZd6LdwxKCaUbQRncxR FLq0c0Q5s3qpdzCrMOBasqLs/WFVvI6SZUSAmlkjKzIF/G3998bLiwGzXp+B79XM4V64G9mwQ S5nQ1lkFcAtZVgLG7f7wmSvxxJrRgqUZ5bYsx0qTpZEE3bfvvH6s348WzCtiwFK1TwX+8uCqx bUJv7GH9rn38vFbD8mm6+lzXvEq/mX/Psu1/1367pIIrezz5Pu48mx8z0Tc6HPHUsbtwYZzcO ozXUuspDTcg== X-Rspamd-Queue-Id: 9706F6FBA7 X-Spamd-Bar: -- Authentication-Results: mx1.freebsd.org X-Spamd-Result: default: False [-2.67 / 15.00]; ARC_NA(0.00)[]; RCVD_VIA_SMTP_AUTH(0.00)[]; RECEIVED_SPAMHAUS_PBL(0.00)[79.80.88.46.zen.spamhaus.org : 127.0.0.10]; FROM_HAS_DN(0.00)[]; TO_MATCH_ENVRCPT_ALL(0.00)[]; NEURAL_HAM_LONG(-0.99)[-0.994,0]; MIME_GOOD(-0.10)[text/plain]; PREVIOUSLY_DELIVERED(0.00)[freebsd-current@freebsd.org]; DMARC_NA(0.00)[walstatt.org]; AUTH_NA(1.00)[]; RCPT_COUNT_ONE(0.00)[1]; IP_SCORE(-0.62)[ip: (-3.04), ipnet: 212.227.0.0/16(-0.67), asn: 8560(0.62), country: DE(-0.01)]; TO_DN_ALL(0.00)[]; MX_GOOD(-0.01)[mx01.gmx.net,mx00.gmx.net]; NEURAL_HAM_SHORT(-0.89)[-0.886,0]; NEURAL_HAM_MEDIUM(-0.96)[-0.957,0]; R_SPF_NA(0.00)[]; RCVD_IN_DNSWL_LOW(-0.10)[20.17.227.212.list.dnswl.org : 127.0.3.1]; R_DKIM_NA(0.00)[]; MIME_TRACE(0.00)[0:+]; ASN(0.00)[asn:8560, ipnet:212.227.0.0/16, country:DE]; RCVD_COUNT_TWO(0.00)[2]; RCVD_TLS_ALL(0.00)[]; FROM_EQ_ENVFROM(0.00)[] X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 16 Jan 2019 14:23:57 -0000 We have an experimental IPV6 network and within this network, FreebSD CURRENT (r343087) is acting as a CUPS print server, while a bunch FreeBSD 12-STABLE boxes are CUPS clients. The setup, so far, worked with IPv4. Introducing IPv6 addresses on both server and host results in the error [Client 1] Unable to encrypt connection: An illegal parameter has been received. In file cups/client.conf we address the appropriate printer via ipps://xxx.xxx.xxx.xxx/printers/printer_name (IPv4 of the CUPS server host) This works fine. But ipps://[XXXX:XXXX:XXXX::XXXX]/printers/printer_name (IPv6 of the CUPS server host) doesn't work and results in the error on the server as shown above. I fiddled also around with the SSLOption parameter in client.conf and parallel, to match requiremets, in cups/cupsd.conf of the server host - with no effect. On the server side, it seems that all the documents I could pick up from cups.org or Apple do not specify any IPv6 address in an "Allow from" statement: everything seems to be stuck with IPv4. While the cupsd.conf SSLListen option is for IPv6 SSLListen [fd01:dead:beef::affe]:631 which works, I get an error when trying to put anything IPv6-similar with the convention with the brackets "[" and "]" in a "Allow from" option in the sections where I need to restrict access. An IPv6 without "[" and "]" seems to be accepted - but when coemmnting out ANY IPv4 address and leaving only IPV6 in the "Allow from " statement, no remote connection is allowed. This drives me nuts. Since the aim will be to have a printing facility within a IPv6 only network, I feel a bit lost. Does anyone have had similar problems? Regards, Oliver