From: Alan T. DeKok <aland@freeradius.org>
Date: Mon, 31 May 2021 20:53:29 +0000 (-0400)
Subject: add more warnings at run-time, too
X-Git-Tag: release_3_0_23~34
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=f20b5ec423606ed607856477e16653ffc4a9b530;p=thirdparty%2Ffreeradius-server.git

add more warnings at run-time, too
---

diff --git a/src/main/tls.c b/src/main/tls.c
index 9085272c769..6ec120a8663 100644
--- a/src/main/tls.c
+++ b/src/main/tls.c
@@ -648,6 +648,13 @@ tls_session_t *tls_new_session(TALLOC_CTX *ctx, fr_tls_server_conf_t *conf, REQU
 	 *	it.
 	 */
 	if (!allow_tls13 && (conf->max_version == TLS1_3_VERSION)) {
+		WARN("FORCING MAXIMUM TLS VERSION TO TLS 1.3");
+		WARN("There is no standard for using this EAP method with TLS 1.3");
+		WARN("Please set tls_max_version = \"1.2\"");
+		WARN("FreeRADIUS only supports TLS 1.3 for special builds of wpa_supplicant and Windows");
+		WARN("This limitation is likely to change in late 2021.");
+		WARN("If you are using this version of FreeRADIUS after 2021, you will probably need to upgrade");
+
 		if (SSL_set_max_proto_version(new_tls, TLS1_2_VERSION) == 0) {
 			tls_error_log(request, "Failed limiting maximum version to TLS 1.3");
 			return NULL;