note TLS 1.2 or smaller for EAP-FAST
authorAlan T. DeKok <aland@freeradius.org>
Wed, 8 Mar 2023 17:49:00 +0000 (12:49 -0500)
committerAlan T. DeKok <aland@freeradius.org>
Wed, 8 Mar 2023 17:51:49 +0000 (12:51 -0500)
src/main/tls.c

index 4c8af6ca11fa15ac460b57feeea1d78f87189996..354dc05d9a15ae71c8af713f546d3cee8ad1b4a1 100644 (file)
@@ -713,7 +713,7 @@ tls_session_t *tls_new_session(TALLOC_CTX *ctx, fr_tls_server_conf_t *conf, REQU
 
 #ifdef TLS1_3_VERSION
        /*
-        *      Disallow TLS 1.3 for TTLS, PEAP, and FAST.
+        *      Disallow TLS 1.3 for FAST.
         *
         *      We need another magic configuration option to allow
         *      it.
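Review bot: The comment now names only FAST, but the guard that selects which EAP methods are capped sits on lines 720-721, between the two hunks, and this commit leaves it unchanged. If that condition still matches TTLS and PEAP, as the old comment described, the new comment understates which sessions are forced down to TLS 1.2. If an earlier commit already narrowed it, the comment is correct. Either way the comment could name the trigger explicitly, e.g. `Disallow TLS 1.3 for EAP-FAST; the check below forces the maximum to TLS 1.2.` tls_new_session starts and ends outside the hunk.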
@@ -722,10 +722,8 @@ tls_session_t *tls_new_session(TALLOC_CTX *ctx, fr_tls_server_conf_t *conf, REQU
                WARN("!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!");
                WARN("!!                    FORCING MAXIMUM TLS VERSION TO TLS 1.2                  !!");
                WARN("!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!");
-               WARN("!! There is either no standard for using this EAP method with TLS 1.3,");
-               WARN("!! or FreeRADIUS does not fully support TLS 1.3 for this EAP method.");
-               WARN("!!");
-               WARN("!! This message can be removed by setting tls_max_version = \"1.2\"");
+               WARN("!! There is no standard for using this EAP method with TLS 1.3");
+               WARN("!! Please set tls_max_version = \"1.2\"");
                WARN("!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!");
 
                if (SSL_set_max_proto_version(new_tls, TLS1_2_VERSION) == 0) {
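Review bot: The new warning still says "this EAP method" and no longer tells the operator that setting tls_max_version makes the banner go away. Someone auditing TLS policy from the logs therefore cannot see which method caused the forced cap, or that the setting only silences a cap which is applied regardless. If the guard outside the hunk is FAST-only, as the updated comment suggests, the text could read `WARN("!! There is no standard for using EAP-FAST with TLS 1.3.");` followed by `WARN("!! Set tls_max_version = \"1.2\" to remove this message.");`. The `if` opened on the last line continues outside the hunk.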