AIX Open Source


CUPS web interface not working with https


  • 1.  CUPS web interface not working with https

    Posted Thu April 19, 2018 04:53 PM

    Originally posted by: rc015116


    The CUPS web interface works fine over http, but over https CUPS is not serving up any pages.  I have gnutls installed.  Here's the log when I try to access https://<host>:631

    d [19/Apr/2018:15:25:12 +0600] cupsdAcceptClient(lis=300385d8(4)) Clients=0
    D [19/Apr/2018:15:25:12 +0600] [Client 117] Server address is "10.162.7.50".
    D [19/Apr/2018:15:25:12 +0600] [Client 117] Accepted from 10.132.34.249:55252 (IPv4)
    d [19/Apr/2018:15:25:12 +0600] cupsdAddSelect(fd=11, read_cb=30001900, write_cb=0, data=30407cc8)
    D [19/Apr/2018:15:25:12 +0600] [Client 117] Waiting for request.
    d [19/Apr/2018:15:25:12 +0600] select_timeout: JobHistoryUpdate=0
    d [19/Apr/2018:15:25:12 +0600] [Client 117] cupsdReadClient: error=0, used=0, state=HTTP_STATE_WAITING, data_encoding=HTTP_ENCODING_LENGTH, data_remaining=0, request=0(), file=-1
    D [19/Apr/2018:15:25:12 +0600] [Client 117] HTTP_STATE_WAITING Closing on error: No request URI.
    D [19/Apr/2018:15:25:12 +0600] [Client 117] Closing connection.
    D [19/Apr/2018:15:25:12 +0600] cupsdSetBusyState: newbusy="Not busy", busy="Not busy"
    d [19/Apr/2018:15:25:12 +0600] cupsdRemoveSelect(fd=11)
    d [19/Apr/2018:15:25:12 +0600] cupsdRemoveSelect(fd=-1)
    d [19/Apr/2018:15:25:12 +0600] select_timeout: JobHistoryUpdate=0

     

    Here's my cupsd.conf

    MaxLogSize 200m
    MaxJobs 0
    PreserveJobHistory Off
    DirtyCleanInterval 0
    ErrorPolicy Retry-Job
    Listen *:631
    <Location /printers>
      Allow from All
    </Location>
    # Show troubleshooting information in error_log.
    LogLevel debug2
    Listen localhost:631
    Listen /var/run/cups/cups.sock
    Browsing On
    DefaultAuthType Basic
    WebInterface Yes
    <Location />
      Order allow,deny
      Allow from All
    </Location>
    <Location /admin>
      Order allow,deny
      Allow from All
    </Location>
    <Location /admin/conf>
      Order allow,deny
      Allow from All
    </Location>
    <Location /admin/log>
      Order allow,deny
      Allow from All
    </Location>
    <Policy default>
      JobPrivateAccess default
      JobPrivateValues default
      SubscriptionPrivateAccess default
      SubscriptionPrivateValues default
      <Limit Create-Job Print-Job Print-URI Validate-Job>
        Order allow,deny
        Allow from All
      </Limit>
      <Limit Send-Document Send-URI Hold-Job Release-Job Restart-Job Purge-Jobs Set-Job-Attributes Create-Job-Subscription Renew-Subscription Cancel-Subscription Get-Notifications Reprocess-Job Cancel-Current-Job Suspend-Current-Job Resume-Job Cancel-My-Jobs Close-Job CUPS-Move-Job CUPS-Get-Document>
        Order allow,deny
        Allow from All
      </Limit>
      <Limit CUPS-Add-Modify-Printer CUPS-Delete-Printer CUPS-Add-Modify-Class CUPS-Delete-Class CUPS-Set-Default CUPS-Get-Devices>
        Order allow,deny
        Allow from All
      </Limit>
      <Limit Pause-Printer Resume-Printer Enable-Printer Disable-Printer Pause-Printer-After-Current-Job Hold-New-Jobs Release-Held-New-Jobs Deactivate-Printer Activate-Printer Restart-Printer Shutdown-Printer Startup-Printer Promote-Job Schedule-Job-After Cancel-Jobs CUPS-Accept-Jobs CUPS-Reject-Jobs>
        Order allow,deny
        Allow from All
      </Limit>
      <Limit Cancel-Job CUPS-Authenticate-Job>
        Order allow,deny
        Allow from All
      </Limit>
      <Limit All>
        Order allow,deny
        Allow from All
      </Limit>
    </Policy>
    <Policy authenticated>
      JobPrivateAccess default
      JobPrivateValues default
      SubscriptionPrivateAccess default
      SubscriptionPrivateValues default
      <Limit Create-Job Print-Job Print-URI Validate-Job>
        Order allow,deny
        Allow from All
      </Limit>
      <Limit Send-Document Send-URI Hold-Job Release-Job Restart-Job Purge-Jobs Set-Job-Attributes Create-Job-Subscription Renew-Subscription Cancel-Subscription Get-Notifications Reprocess-Job Cancel-Current-Job Suspend-Current-Job Resume-Job Cancel-My-Jobs Close-Job CUPS-Move-Job CUPS-Get-Document>
        Order allow,deny
        Allow from All
      </Limit>
      <Limit CUPS-Add-Modify-Printer CUPS-Delete-Printer CUPS-Add-Modify-Class CUPS-Delete-Class CUPS-Set-Default>
        Order allow,deny
        Allow from All
      </Limit>
      <Limit Pause-Printer Resume-Printer Enable-Printer Disable-Printer Pause-Printer-After-Current-Job Hold-New-Jobs Release-Held-New-Jobs Deactivate-Printer Activate-Printer Restart-Printer Shutdown-Printer Startup-Printer Promote-Job Schedule-Job-After Cancel-Jobs CUPS-Accept-Jobs CUPS-Reject-Jobs>
        Order allow,deny
        Allow from All
      </Limit>
      <Limit Cancel-Job CUPS-Authenticate-Job>
        Order allow,deny
        Allow from All
      </Limit>
      <Limit All>
        Order allow,deny
        Allow from All
      </Limit>
    </Policy>
    <Policy kerberos>
      JobPrivateAccess default
      JobPrivateValues default
      SubscriptionPrivateAccess default
      SubscriptionPrivateValues default
      <Limit Create-Job Print-Job Print-URI Validate-Job>
        Order allow,deny
        Allow from All
      </Limit>
      <Limit Send-Document Send-URI Hold-Job Release-Job Restart-Job Purge-Jobs Set-Job-Attributes Create-Job-Subscription Renew-Subscription Cancel-Subscription Get-Notifications Reprocess-Job Cancel-Current-Job Suspend-Current-Job Resume-Job Cancel-My-Jobs Close-Job CUPS-Move-Job CUPS-Get-Document>
        Order allow,deny
        Allow from All
      </Limit>
      <Limit CUPS-Add-Modify-Printer CUPS-Delete-Printer CUPS-Add-Modify-Class CUPS-Delete-Class CUPS-Set-Default>
        Order allow,deny
        Allow from All
      </Limit>
      <Limit Pause-Printer Resume-Printer Enable-Printer Disable-Printer Pause-Printer-After-Current-Job Hold-New-Jobs Release-Held-New-Jobs Deactivate-Printer Activate-Printer Restart-Printer Shutdown-Printer Startup-Printer Promote-Job Schedule-Job-After Cancel-Jobs CUPS-Accept-Jobs CUPS-Reject-Jobs>
        Order allow,deny
        Allow from All
      </Limit>
      <Limit Cancel-Job CUPS-Authenticate-Job>
        Order allow,deny
        Allow from All
      </Limit>
      <Limit All>
        Order allow,deny
        Allow from All
      </Limit>
    </Policy>
    

     



  • 2.  Re: CUPS web interface not working with https

    Posted Fri April 20, 2018 05:49 AM

    Originally posted by: Ravikanth.sh


    Can you please specify cups, aix and gnutls versions?



  • 3.  Re: CUPS web interface not working with https

    Posted Fri April 20, 2018 04:12 PM

    Originally posted by: rc015116


    cups-2.2.3-1

    AIX 6.1

    gnutls-3.5.14-1



  • 4.  Re: CUPS web interface not working with https

    Posted Thu April 26, 2018 08:17 AM

    Originally posted by: Ravikanth.sh


    Hi,

    Thanks for reporting this issue.

    cups-2.2.3-3 with "https" support is available on our AIX toolbox. Use "yum update" to update to the latest release.



  • 5.  Re: CUPS web interface not working with https

    Posted Wed May 16, 2018 04:36 PM

    Originally posted by: rc015116


    Thanks for looking into this issue.  https is still not working for me but I'm getting a different error now:

    d [16/May/2018:14:56:54 +0600] cupsdAcceptClient(lis=30052528(4)) Clients=1
    D [16/May/2018:14:56:54 +0600] [Client 158] Server address is "10.162.7.50".
    D [16/May/2018:14:56:54 +0600] [Client 158] Accepted from 10.132.37.125:58778 (IPv4)
    d [16/May/2018:14:56:54 +0600] cupsdAddSelect(fd=13, read_cb=300013f4, write_cb=0, data=30492228)
    D [16/May/2018:14:56:54 +0600] [Client 158] Waiting for request.
    d [16/May/2018:14:56:54 +0600] cupsdCheckJobs: 5 active jobs, sleeping=0, ac-power=-1, reload=0, curtime=1526500614
    d [16/May/2018:14:56:54 +0600] cupsdCheckJobs: Job 175 - dest="General_Printer", printer=0, state=6, cancel_time=0, hold_until=0, kill_time=0, pending_cost=0, pending_timeout=0
    d [16/May/2018:14:56:54 +0600] cupsdCheckJobs: Job 176 - dest="General_Printer", printer=0, state=6, cancel_time=0, hold_until=0, kill_time=0, pending_cost=0, pending_timeout=0
    d [16/May/2018:14:56:54 +0600] cupsdCheckJobs: Job 177 - dest="General_Printer", printer=0, state=6, cancel_time=0, hold_until=0, kill_time=0, pending_cost=0, pending_timeout=0
    d [16/May/2018:14:56:54 +0600] cupsdCheckJobs: Job 82887 - dest="jamesprint", printer=0, state=6, cancel_time=0, hold_until=0, kill_time=0, pending_cost=0, pending_timeout=0
    d [16/May/2018:14:56:54 +0600] cupsdCheckJobs: Job 82800 - dest="rica50", printer=0, state=3, cancel_time=0, hold_until=0, kill_time=0, pending_cost=0, pending_timeout=0
    d [16/May/2018:14:56:54 +0600] select_timeout: JobHistoryUpdate=0
    d [16/May/2018:14:56:54 +0600] [Client 158] cupsdReadClient: error=0, used=0, state=HTTP_STATE_WAITING, data_encoding=HTTP_ENCODING_LENGTH, data_remaining=0, request=0(), file=-1
    d [16/May/2018:14:56:54 +0600] [Client 158] Saw first byte 16, auto-negotiating SSL/TLS session.
    E [16/May/2018:14:56:54 +0600] [Client 158] Unable to encrypt connection: The request is invalid.
    D [16/May/2018:14:56:54 +0600] [Client 158] Closing connection.
    D [16/May/2018:14:56:54 +0600] cupsdSetBusyState: newbusy="Not busy", busy="Not busy"
    d [16/May/2018:14:56:54 +0600] cupsdRemoveSelect(fd=13)
    d [16/May/2018:14:56:54 +0600] cupsdRemoveSelect(fd=-1)
    d [16/May/2018:14:56:54 +0600] select_timeout: JobHistoryUpdate=0
    d [16/May/2018:14:56:55 +0600] select_timeout: JobHistoryUpdate=0
    d [16/May/2018:14:56:55 +0600] select_timeout(0): 11 seconds to start pending jobs
    d [16/May/2018:14:56:55 +0600] [Client 157] cupsdReadClient: error=0, used=0, state=HTTP_STATE_WAITING, data_encoding=HTTP_ENCODING_LENGTH, data_remaining=0, request=0(), file=-1
    D [16/May/2018:14:56:55 +0600] [Client 157] HTTP_STATE_WAITING Closing for error 32 (Broken pipe)
    D [16/May/2018:14:56:55 +0600] [Client 157] Closing connection.
    D [16/May/2018:14:56:55 +0600] cupsdSetBusyState: newbusy="Not busy", busy="Not busy"
    d [16/May/2018:14:56:55 +0600] cupsdRemoveSelect(fd=12)
    d [16/May/2018:14:56:55 +0600] cupsdRemoveSelect(fd=-1)
    d [16/May/2018:14:56:55 +0600] select_timeout: JobHistoryUpdate=0
    d [16/May/2018:14:56:56 +0600] select_timeout: JobHistoryUpdate=0
    d [16/May/2018:14:56:56 +0600] select_timeout(0): 11 seconds to start pending jobs

     

    cups-2.2.3-3

    gnutls-3.5.14-1

    AIX 6.1 (same error on AIX 7.1 as well)

     

    From what I can figure out, "The request is invalid" is a gnutls error (GNUTLS_E_INVALID_REQUEST).  "Unable to encrypt connection:" is from cupsd_start_tls (in client.c) when calling httpEncryption (in http.c).  Within httpEncryption I'm guessing the error happened when calling _httpTLSStart (in tls-gnutls.c).  _httpTLSStart is a large method so I'm not sure which part of it failed.
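
Added example (not part of the thread and not CUPS code): a Python triage of cupsd `LogLevel debug2` output like the excerpts above, grouping lines by `[Client N]` and separating connections where TLS setup failed from those closed for other errors. The sample log is constructed, and the outcome labels and function names are chosen for this example.

```python
import re
from collections import OrderedDict

# Constructed sample modelled on the error_log excerpts in this thread.
# Addresses are documentation placeholders; client numbers are invented.
SAMPLE_LOG = """\
D [16/May/2018:14:56:54 +0600] [Client 7] Accepted from 192.0.2.10:58778 (IPv4)
D [16/May/2018:14:56:54 +0600] [Client 7] Waiting for request.
d [16/May/2018:14:56:54 +0600] cupsdCheckJobs: 5 active jobs, sleeping=0
d [16/May/2018:14:56:54 +0600] [Client 7] Saw first byte 16, auto-negotiating SSL/TLS session.
E [16/May/2018:14:56:54 +0600] [Client 7] Unable to encrypt connection: The request is invalid.
D [16/May/2018:14:56:54 +0600] [Client 7] Closing connection.
D [16/May/2018:14:56:55 +0600] [Client 8] Accepted from 192.0.2.11:55252 (IPv4)
D [16/May/2018:14:56:55 +0600] [Client 8] HTTP_STATE_WAITING Closing on error: No request URI.
D [16/May/2018:14:56:55 +0600] [Client 8] Closing connection.
D [16/May/2018:14:56:56 +0600] [Client 9] Accepted from 192.0.2.12:40000 (IPv4)
D [16/May/2018:14:56:56 +0600] [Client 9] HTTP_STATE_WAITING Closing for error 32 (Broken pipe)
"""

# "<level> [<timestamp>] [Client N] <message>"; the client tag is optional.
LINE_RE = re.compile(
    r"^(?P<level>[A-Za-z]) \[(?P<ts>[^\]]+)\] "
    r"(?:\[Client (?P<client>\d+)\] )?(?P<msg>.*)$"
)
ACCEPT_RE = re.compile(r"^Accepted from (?P<peer>\S+)")
FIRST_BYTE_RE = re.compile(
    r"^Saw first byte (?P<byte>[0-9A-Fa-f]{2}), auto-negotiating SSL/TLS"
)
TLS_FAIL_RE = re.compile(r"^Unable to encrypt connection: (?P<reason>.*)$")
CLOSE_ERR_RE = re.compile(
    r"Closing (?:on error: (?P<why>.*)|for error \d+ \((?P<errno>[^)]*)\))$"
)


def triage(log_text):
    """Return {client_id: summary} for every [Client N] seen in the log."""
    clients = OrderedDict()
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m or m.group("client") is None:
            continue  # scheduler lines without a client tag are skipped
        rec = clients.setdefault(int(m.group("client")), {
            "peer": None, "tls_hello": False,
            "outcome": "no_error_logged", "detail": None,
        })
        msg = m.group("msg")
        accepted = ACCEPT_RE.match(msg)
        first = FIRST_BYTE_RE.match(msg)
        tls_fail = TLS_FAIL_RE.match(msg)
        closed = CLOSE_ERR_RE.search(msg)
        if accepted:
            rec["peer"] = accepted.group("peer")
        elif first:
            # The byte is logged in hex; 0x16 is the TLS handshake record type.
            rec["tls_hello"] = int(first.group("byte"), 16) == 0x16
        elif tls_fail:
            rec["outcome"] = "tls_setup_failed"
            rec["detail"] = tls_fail.group("reason")
        elif closed and rec["outcome"] == "no_error_logged":
            rec["outcome"] = "closed_on_error"
            rec["detail"] = closed.group("why") or closed.group("errno")
    return clients


def tls_failures(log_text):
    """List (client, peer, reason) for connections where TLS setup failed."""
    return [(cid, rec["peer"], rec["detail"])
            for cid, rec in triage(log_text).items()
            if rec["outcome"] == "tls_setup_failed"]


if __name__ == "__main__":
    for cid, rec in triage(SAMPLE_LOG).items():
        print(cid, rec["peer"], rec["outcome"], rec["detail"])
```
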



  • 6.  Re: CUPS web interface not working with https

    Posted Fri June 01, 2018 05:07 PM

    Originally posted by: Papajair


    I am experiencing the exact same problem on AIX 7.1 as well.   Additionally my browser (IE 11) displays the following error when attempting to connect:

     

    "Can't connect securely to this page

    This might be because the site uses outdated or unsafe TLS security settings. If this keeps happening, try contacting the website's owner.

    Your TLS security settings aren't set to the defaults, which could also be causing this error."



  • 7.  Re: CUPS web interface not working with https

    Posted Fri June 08, 2018 04:25 PM

    Originally posted by: Papajair


    @rc015116, what version of OpenSSL do you have installed?

     

    The reason I ask is that I downloaded the cups-2.2.3-3.src.rpm and after extracting the files from the RPM I attempted to do a standard build with the files as supplied by IBM.   My goal was to eventually build with the --enable-debug and --enable-debug-printfs options so I could set the CUPS_DEBUG_LEVEL to 9 for additional logging.

    The standard build failed with the following reason:

     

    checking sys/sockio.h usability... no
    checking sys/sockio.h presence... no
    checking for sys/sockio.h... no
    checking for poll... yes
    checking for epoll_create... no
    checking for kqueue... no
    checking for krb5-config_64... no
    checking pthread.h usability... yes
    checking pthread.h presence... yes
    checking for pthread.h... yes
    checking for pthread_create using -lpthreads... yes
    checking for libgnutls-config... no
    checking for libgcrypt-config... /usr/bin/libgcrypt-config
    configure: error: Unable to enable SSL support.
    error: Bad exit status from /var/tmp/rpm-tmp.tCw7ab (%build)


    RPM build errors:
        Bad exit status from /var/tmp/rpm-tmp.tCw7ab (%build)

     

    This is on AIX 7.1 TL4 SP4 with the xlc compiler version 12.1.0.5.

    OpenSSL is:

    # lslpp -L | grep -i openssl
      openssl.base            1.0.2.1300    C     F    Open Secure Socket Layer
     

    I found a link, "Configure script searches for libgnutls-config, which is obsolete and does not present in modern distributions", which indicates that pkg-config can be used to create the libgnutls-config.  I think I will try that and see if I can successfully build the standard packages from the source RPM.

     



  • 8.  Re: CUPS web interface not working with https

    Posted Fri June 08, 2018 04:32 PM

    Originally posted by: Papajair


    That got me farther into the build but I am getting this error now:

     

    Processing files: cups-libs-2.2.3-3.ppc
    Finding  Provides: /opt/freeware/lib/rpm/find-provides
    Finding  Requires(interp):
    Finding  Requires(rpmlib):
    Finding  Requires(verify):
    Finding  Requires(pre):
    Finding  Requires(post):
    Finding  Requires(preun):
    Finding  Requires(postun):
    Finding  Requires(pretrans):
    Finding  Requires(posttrans):
    Finding  Requires: /opt/freeware/lib/rpm/find-requires
    Provides: cups-libs = 2.2.3-3 libcups.a(libcups.so.2) libcups.so libcups.so.2 libcupscgi.a(libcupscgi.so.1) libcupscgi.so libcupscgi.so.1 libcupsimage.a(libcupsimage.so.2) libcupsimage.so libcupsimage.so.2 libcupsmime.a(libcupsmime.so.1) libcupsmime.so libcupsmime.so.1 libcupsppdc.a(libcupsppdc.so.1) libcupsppdc.so libcupsppdc.so.1
    Requires(rpmlib): rpmlib(CompressedFileNames) <= 3.0.4-1 rpmlib(PayloadFilesHavePrefix) <= 4.0-1
    Requires: libC.a(ansi_32.o) libC.a(shr.o) libc.a(shr.o) libcups.a(libcups.so.2) libgnutls.a(libgnutls.so.30) libiconv.a(shr4.o) libpthreads.a(shr_xpg5.o) libz.a(libz.so.1)
    Processing files: cups-lpd-2.2.3-3.ppc
    Finding  Provides: /opt/freeware/lib/rpm/find-provides
    Finding  Requires(interp):
    Finding  Requires(rpmlib):
    Finding  Requires(verify):
    Finding  Requires(pre):
    Finding  Requires(post):
    Finding  Requires(preun):
    Finding  Requires(postun):
    Finding  Requires(pretrans):
    Finding  Requires(posttrans):
    Finding  Requires: /opt/freeware/lib/rpm/find-requires
    Provides: cups-lpd = 2.2.3-3
    Requires(rpmlib): rpmlib(CompressedFileNames) <= 3.0.4-1 rpmlib(PayloadFilesHavePrefix) <= 4.0-1
    Requires: libc.a(shr.o) libcups.a(libcups.so.2) libpthreads.a(shr_xpg5.o)
    Processing files: cups-ipptool-2.2.3-3.ppc
    error: Directory not found: /var/tmp/cups-2.2.3-3.ppc/opt/freeware/share/cups/ipptool/*


    RPM build errors:
        Directory not found: /var/tmp/cups-2.2.3-3.ppc/opt/freeware/share/cups/ipptool/*

     

    However that directory does exist:

    # ls -l /var/tmp/cups-2.2.3-3.ppc/opt/freeware/share/cups/ipptool/*
    -r--r--r--    1 root     system       117704 Jun 08 15:28 /var/tmp/cups-2.2.3-3.ppc/opt/freeware/share/cups/ipptool/color.jpg
    -r--r--r--    1 root     system         1955 Jun 08 15:28 /var/tmp/cups-2.2.3-3.ppc/opt/freeware/share/cups/ipptool/create-printer-subscription.test
    -r--r--r--    1 root     system      1048875 Jun 08 15:28 /var/tmp/cups-2.2.3-3.ppc/opt/freeware/share/cups/ipptool/document-a4.pdf
    ...

     



  • 9.  Re: CUPS web interface not working with https

    Posted Sun June 10, 2018 12:11 AM

    Originally posted by: Papajair


    I found the problem.  I had updated to rpm.rte 4.13.0.3 and it appears some of the commands may have changed in the spec file.   Under the %files section for ipp-tools there was this statement:

         %dir %{_datadir}/%{name}/ipptool/*

    I assumed that the entire contents of the directory were desired to be included in the rpm so I changed this to:

         %{_datadir}/%{name}/ipptool

    This link is the guide I used:  Building open source RPM packages on IBM AIX 

    That avoided the previous error and built all of the rpms successfully and included the contents of the directory in the rpm.  I'll verify that with the version available on the AIX Toolbox for Linux page.

    I'll rebuild with the --enable-debug and --enable-debug-printfs options for the 'configure' command and see if I can get more detailed debugging information as to why the web interface isn't working.



  • 10.  Re: CUPS web interface not working with https

    Posted Sun June 10, 2018 08:11 PM

    Originally posted by: Papajair


    That appears to be correct and seems to be confirmed by setting CUPS_DEBUG_LEVEL to 9 (from the debug log):

    T001 05:30:35.924  httpEncryption(http=30124f58, e=3)
    T001 05:30:35.924  _httpTLSStart(http=30124f58)
    T001 05:30:35.924  _httpTLSStart: Unable to initialize common TLS parameters: The request is invalid.

    This is an excerpt from the section of tls-gnutls.c which generates this error:

      gnutls_certificate_allocate_credentials(credentials);
      status = gnutls_init(&http->tls, http->mode == _HTTP_MODE_CLIENT ? GNUTLS_CLIENT : GNUTLS_SERVER);
      if (!status)
        status = gnutls_set_default_priority(http->tls);

      if (status)
      {
        http->error  = EIO;
        http->status = HTTP_STATUS_ERROR;

        DEBUG_printf(("4_httpTLSStart: Unable to initialize common TLS parameters: %s", gnutls_strerror(status)));
        _cupsSetError(IPP_STATUS_ERROR_CUPS_PKI, gnutls_strerror(status), 0);

        gnutls_deinit(http->tls);
        gnutls_certificate_free_credentials(*credentials);
        free(credentials);
        http->tls = NULL;

        return (-1);
      }

    From my way of reading, I can't tell if the failure is actually the gnutls_init call or if it is the call to gnutls_set_default_priority, but one of them is failing with "The request is invalid" displayed in the debug message.

     



  • 11.  Re: CUPS web interface not working with https

    Posted Tue June 12, 2018 01:40 PM

    Originally posted by: Papajair


    I believe the failure is actually in gnutls_set_default_priority.  The gnutls_set_default_priority function calls gnutls_priority_init, which can return GNUTLS_E_INVALID_REQUEST.

    I believe the problem is that in a portion of the function, it attempts to load the default priorities from the file /etc/gnutls-default-priorities, which isn't provided with the rpm provided by the build available from AIX Toolbox for Linux Applications.

    This happens to be an option passed by configure utility from the gnutls-3.5.14-1.spec file and isn't present in the provided .spec file.  The file is created by passing in the --with-system-priority-file flag and if no file is specified then the /etc/gnutls-default-priorities is created.

    I attempted a build of gnutls-3.5.14-1 from the spec file but it failed due to the following error:

      CCLD     libgnutls.la
    grep: can't open /opt/freeware/lib/libintl.la
    /opt/freeware/bin/sed: can't read /opt/freeware/lib/libintl.la: No such file or directory
    libtool:   error: '/opt/freeware/lib/libintl.la' is not a valid libtool archive
    gmake[4]: *** [Makefile:1733: libgnutls.la] Error 1
    gmake[4]: Leaving directory '/opt/freeware/src/packages/BUILD/gnutls-3.5.14/64bit/lib'
    gmake[3]: *** [Makefile:1949: all-recursive] Error 1
    gmake[3]: Leaving directory '/opt/freeware/src/packages/BUILD/gnutls-3.5.14/64bit/lib'
    gmake[2]: *** [Makefile:1636: all] Error 2
    gmake[2]: Leaving directory '/opt/freeware/src/packages/BUILD/gnutls-3.5.14/64bit/lib'
    gmake[1]: *** [Makefile:1463: all-recursive] Error 1
    gmake[1]: Leaving directory '/opt/freeware/src/packages/BUILD/gnutls-3.5.14/64bit'
    gmake: *** [Makefile:1391: all] Error 2
    error: Bad exit status from /var/tmp/rpm-tmp.NGkMab (%build)

    It appears that the gettext-0.19.8.101.rpm doesn't provide the libintl.la file; however, the file is created if the source rpm is built.  So this would lead me to two requests from this point forward:

    1. Can the gnutls package be built with the --with-system-priority-file flag so that the default priorities file can be created and included in the rpm file?
    2. Can the gettext package be built and packaged in such a manner that the libintl.la files are included so the gnutls package can be built?

     



  • 12.  Re: CUPS web interface not working with https

    Posted Tue June 12, 2018 02:29 PM

    Originally posted by: Papajair


    On my 2nd attempt to build gnutls (after partially building gettext) I received the following error:

    + export DOCDIR
    + /usr/bin/mkdir -p /var/tmp/gnutls-3.5.14-1.ppc/opt/freeware/doc/gnutls-3.5.14
    + cp -pr 32bit/AUTHORS /var/tmp/gnutls-3.5.14-1.ppc/opt/freeware/doc/gnutls-3.5.14
    + cp -pr 32bit/COPYING /var/tmp/gnutls-3.5.14-1.ppc/opt/freeware/doc/gnutls-3.5.14
    cp: 32bit/COPYING: No such file or directory


    RPM build errors:
        Bad exit status from /var/tmp/rpm-tmp.25Oqad (%doc)
        File not found: /var/tmp/gnutls-3.5.14-1.ppc/opt/freeware/doc/gnutls-3.5.14/COPYING


    I believe this is an error in the .spec file so I will see if I can correct the issue.



  • 13.  Re: CUPS web interface not working with https

    Posted Wed June 13, 2018 01:57 AM

    Originally posted by: Ravikanth.sh


    Hi

    Yes, you are right!  gnutls_set_default_priority() is failing during the handshake, due to the lack of certificates and key settings. You can configure your security settings in a default priority file and use it.

    We are working on fixing the issue by shipping default certificates for mozilla browser and building gnutls with key string @SYSTEM so that it can use default certificates from the system.



  • 14.  Re: CUPS web interface not working with https

    Posted Wed June 13, 2018 10:26 AM

    Originally posted by: Papajair


    @Ravikanth.sh thanks.  I do not know how to configure the default priority file.  I assumed from reading the documentation for gnutls_priority_init that you use the configure option --with-system-priority-file to create the /etc/gnutls-default-priorities.   I noticed that the standard .spec file provided with gnutls-3.5.14-1.aix6.1.rpm produces this display when invoked:

    configure: System files:
    Trust store pkcs11: pkcs11:model=p11-kit-trust;manufacturer=PKCS%2311%20Kit
    Trust store dir:
    Trust store file:
    Blacklist file:
    CRL file:
    Priority file: /etc/gnutls/default-priorities
    DNSSEC root key file: /etc/unbound/root.key
    configure: WARNING:
    ***
    *** The DNSSEC root key file in /etc/unbound/root.key was not found.

    When I changed the .spec file to pass the  --with-system-priority-file the display looked like this:

    configure: System files:
    Trust store pkcs11: pkcs11:model=p11-kit-trust;manufacturer=PKCS%2311%20Kit
    Trust store dir:
    Trust store file:
    Blacklist file:
    CRL file:
    Priority file: yes
    DNSSEC root key file: /etc/unbound/root.key
    configure: WARNING:
    ***
    *** The DNSSEC root key file in /etc/unbound/root.key was not found.

    Am I incorrect in thinking that the /etc/gnutls-default-priorities will be generated as a result of executing configure with the correct options?

    Should I execute configure with the --with-system-priority-file="/etc/gnutls-default-priorities" option to get the file created?



  • 15.  Re: CUPS web interface not working with https

    Posted Thu June 14, 2018 11:48 AM

    Originally posted by: Papajair


    Tried executing the build in that manner but no /etc/gnutls/default-priorities file was created.   I manually created one with 'SYSTEM=NORMAL:' as its contents, but the logging from GNUTLS indicated the following:

    gnutls[2]: Enabled GnuTLS 3.5.14 logging...
    gnutls[2]: cached system priority /etc/gnutls/default-priorities mtime 1528989268
    gnutls[5]: REC[30492258]: Allocating epoch #0
    gnutls[2]: system priority /etc/gnutls/default-priorities has not changed
    gnutls[2]: resolved 'SYSTEM' to 'NORMAL:', next ''
    gnutls[2]: selected priority string: NORMAL:
    gnutls[3]: ASSERT: priority.c[gnutls_priority_set_direct]:1497
    gnutls[5]: REC[30492258]: Start of epoch cleanup
    gnutls[5]: REC[30492258]: End of epoch cleanup
    gnutls[5]: REC[30492258]: Epoch #0 freed
    gnutls[5]: REC[30492258]: Allocating epoch #0
    gnutls[2]: system priority /etc/gnutls/default-priorities has not changed
    gnutls[2]: resolved 'SYSTEM' to 'NORMAL:', next ''
    gnutls[2]: selected priority string: NORMAL:
    gnutls[3]: ASSERT: priority.c[gnutls_priority_set_direct]:1497
    gnutls[5]: REC[30492258]: Start of epoch cleanup
    gnutls[5]: REC[30492258]: End of epoch cleanup
    gnutls[5]: REC[30492258]: Epoch #0 freed
    gnutls[5]: REC[30492258]: Allocating epoch #0
    gnutls[2]: system priority /etc/gnutls/default-priorities has not changed
    gnutls[2]: resolved 'SYSTEM' to 'NORMAL:', next ''
    gnutls[2]: selected priority string: NORMAL:
    gnutls[3]: ASSERT: priority.c[gnutls_priority_set_direct]:1497
    gnutls[5]: REC[30492258]: Start of epoch cleanup
    gnutls[5]: REC[30492258]: End of epoch cleanup
    gnutls[5]: REC[30492258]: Epoch #0 freed

    But I still received the same result of the web interface not working.

    Any suggestions for the contents of the /etc/gnutls/default-priorities file?



  • 16.  Re: CUPS web interface not working with https

    Posted Thu June 14, 2018 04:52 PM

    Originally posted by: Papajair


    I have a workaround for the time being.

    1. Create the /etc/gnutls directory.
    2. Create the /etc/gnutls/default-priorities with this line in the file  SYSTEM=NORMAL:%COMPAT

    From IE 11 I received this information from the CUPS Web Interface:

    This site is not secure

    This might mean that someone's trying to fool you or steal any info you send to the server. You should close this site immediately.

    Close this tab

    More information

    Your PC doesn't trust this website's security certificate.
    Error Code: DLG_FLAGS_INVALID_CA

    Go on to the webpage (not recommended)

    At this point you can click on the "Go on to the webpage (not recommended)" link and go to the CUPS Web Administration page.