Aha! I think it is that for some weird reason, a SHA-384 certificate may be the cause of this problem. I changed my server certificate to SHA-1 and TLS 1.2 works again. (and CUPS uses GnuTLS, so my OpenSSL cannot be the problem)
-- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to cups in Ubuntu. https://bugs.launchpad.net/bugs/1526999 Title: cups is intolerant to TLS 1.2 Status in cups package in Ubuntu: New Bug description: CUPS 1.7.2-0ubuntu1.7 on Ubuntu Trusty has a security problem where connections using TLS 1.2 will fail, forcing a TLS 1.1 retry === How to reproduce ==== 1. Connect to the cups server with HTTPS 2. Check the security info or 1. openssl s_client -connect localhost:631 2. See the error 3. openssl s_client -tls1_1 -connect localhost:631 4. See no error TLS 1.1 is not the newest protocol version, and therefore this can be considered a security issue. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/cups/+bug/1526999/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
