DNS-SD TLS check needs to look for 1.0, 1.1, or 1.2 values

istopwg / ippeveselfcert

IPP Everywhere Printer Self-Certification Tools

https://www.pwg.org/ipp/everywhere.html

Apache License 2.0

21 stars 6 forks source link

DNS-SD TLS check needs to look for 1.0, 1.1, or 1.2 values #64

Closed michaelrsweet closed 3 years ago

michaelrsweet commented 4 years ago

Currently the DNS-SD TLS check (B-5) looks for the presence of the "TLS" key in the TXT record as an indication that the printer supported TLS. Apple's Bonjour Printing Specification allows an empty string (the default) and IPP Everywhere 1.1 allows 'none' as well to indicate that TLS is not supported.

We need to update the check to look for a numeric value.

wifiprintguy commented 4 years ago

For the "_ipp._tcp" service type, doesn't the presence of a "TLS" key in the TXT record with a value that is something other than "none" or the empty string actually mean that the printer is claiming support for HTTP Upgrade?

Also, do we want to be overtly requiring testing the "_ipp._tcp" only configuration for printers that also support "_ipps._tcp"? It is in that corner case that these issues have revealed themselves, which isn't the default / out-of-box configuration.

michaelrsweet commented 4 years ago

@wifiprintguy Technically yes, but IPP Everywhere also requires IPPS if you do TLS so there never seemed to be a point to test the edge case of IPP + HTTP Upgrade.

michaelrsweet commented 3 years ago

[master b3a4d00] Fix TLS tests to look for a number (Issue #64)