add more warnings at run-time, too
authorAlan T. DeKok <aland@freeradius.org>
Mon, 31 May 2021 20:53:29 +0000 (16:53 -0400)
committerAlan T. DeKok <aland@freeradius.org>
Mon, 31 May 2021 20:53:29 +0000 (16:53 -0400)
src/main/tls.c

index 9085272c769a530dcedd83f1dc72c6f728b0dc20..6ec120a86636174475bde81d53902b3dc4a3dae4 100644 (file)
@@ -648,6 +648,13 @@ tls_session_t *tls_new_session(TALLOC_CTX *ctx, fr_tls_server_conf_t *conf, REQU
         *      it.
         */
        if (!allow_tls13 && (conf->max_version == TLS1_3_VERSION)) {
+               WARN("FORCING MAXIMUM TLS VERSION TO TLS 1.3");
+               WARN("There is no standard for using this EAP method with TLS 1.3");
+               WARN("Please set tls_max_version = \"1.2\"");
+               WARN("FreeRADIUS only supports TLS 1.3 for special builds of wpa_supplicant and Windows");
+               WARN("This limitation is likely to change in late 2021.");
+               WARN("If you are using this version of FreeRADIUS after 2021, you will probably need to upgrade");
+
                if (SSL_set_max_proto_version(new_tls, TLS1_2_VERSION) == 0) {
                        tls_error_log(request, "Failed limiting maximum version to TLS 1.3");
                        return NULL;
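Review bot: The first added warning says the maximum version is being forced to TLS 1.3, but the call just below caps the session with `SSL_set_max_proto_version(new_tls, TLS1_2_VERSION)`, so the log states the opposite of what happens. An operator auditing negotiated protocol versions from these logs would be misled; the line should read `WARN("FORCING MAXIMUM TLS VERSION TO TLS 1.2");`. The unchanged `tls_error_log` message in the failure branch ("Failed limiting maximum version to TLS 1.3") has the same wording and is worth aligning in the same change. Because the block sits in `tls_new_session`, these six lines are presumably emitted for every new session with this configuration, so a once-only or rate-limited warning may be preferable. The function body starts and ends outside the hunk.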