01/01: services: cups: Update SSL-OPTIONS docstring.

[guix-commits]

nckx pushed a commit to branch master
in repository guix.

commit 9e3ef6f3e37aa65f25cbe025106324144ed42b3d
Author: Tobias Geerinckx-Rice <address@hidden>
Date:   Tue Aug 27 08:58:17 2019 +0200

    services: cups: Update SSL-OPTIONS docstring.
    
    This follows up on commit f9c1ebdb7daea30ceaf73f43bf15c222dc4a58ad.
    
    * gnu/services/cups.scm (cups-configuration)<ssl-options>:
    Update docstring.
---
 gnu/services/cups.scm | 15 +++++++++------
 1 file changed, 9 insertions(+), 6 deletions(-)

diff --git a/gnu/services/cups.scm b/gnu/services/cups.scm
index c20244c..e77c43b 100644
--- a/gnu/services/cups.scm
+++ b/gnu/services/cups.scm
@@ -809,12 +809,15 @@ an IPv6 address enclosed in brackets, an IPv4 address, or 
@code{*} to indicate
 all addresses.")
   (ssl-options
    (ssl-options '())
-   "Sets encryption options.
-By default, CUPS only supports encryption using TLS v1.0 or higher using known
-secure cipher suites.  The @code{AllowRC4} option enables the 128-bit RC4
-cipher suites, which are required for some older clients that do not implement
-newer ones.  The @code{AllowSSL3} option enables SSL v3.0, which is required
-for some older clients that do not support TLS v1.0.")
+   "Sets encryption options.  By default, CUPS only supports encryption
+using TLS v1.0 or higher using known secure cipher suites.  Security is
+reduced when @code{Allow} options are used, and enhanced when @code{Deny}
+options are used.  The @code{AllowRC4} option enables the 128-bit RC4 cipher
+suites, which are required for some older clients.  The @code{AllowSSL3} option
+enables SSL v3.0, which is required for some older clients that do not support
+TLS v1.0.  The @code{DenyCBC} option disables all CBC cipher suites.  The
+@code{DenyTLS1.0} option disables TLS v1.0 support - this sets the minimum
+protocol version to TLS v1.1.")
   #;
   (ssl-port
    (non-negative-integer 631)