From c64e9992e6f3327e7167416fe55e0b56d6f99a58 Mon Sep 17 00:00:00 2001
From: Koichiro IWAO
Date: Wed, 14 Dec 2016 14:47:46 +0900
Subject: [PATCH] TLS: warn if no SSL/TLS protocols enabled
---
 libxrdp/xrdp_rdp.c | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)
diff --git a/libxrdp/xrdp_rdp.c b/libxrdp/xrdp_rdp.c
index bdb552c8..e84ff95b 100644
--- a/libxrdp/xrdp_rdp.c
+++ b/libxrdp/xrdp_rdp.c
@@ -170,7 +170,7 @@ xrdp_rdp_read_config(struct xrdp_client_info *client_info)
 tmp = g_new(char, tmp_length);
 g_snprintf(tmp, tmp_length, "%s%s%s", " ", value, " ");
- /* disable all protocols first, enable later */
+ /* disable all protocols first, enable later */
 client_info->ssl_protocols = SSL_OP_NO_SSLv3 | SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_1 | SSL_OP_NO_TLSv1_2;
@@ -194,6 +194,14 @@ xrdp_rdp_read_config(struct xrdp_client_info *client_info)
 log_message(LOG_LEVEL_DEBUG, "SSLv3 enabled");
 client_info->ssl_protocols &= ~SSL_OP_NO_SSLv3;
 }
+
+ if (client_info->ssl_protocols ==
+ (SSL_OP_NO_SSLv3 | SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_1 | SSL_OP_NO_TLSv1_2))
+ {
+ log_message(LOG_LEVEL_WARNING, "No SSL/TLS protocols enabled. "
+ "At least one protocol should be enabled to accept "
+ "TLS connections.");
+ }
 }
 else if (g_strcasecmp(item, "tls_ciphers") == 0)
 {
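Review bot: The check added in the second hunk repeats the four-flag mask that the assignment in the first hunk (`client_info->ssl_protocols = SSL_OP_NO_SSLv3 | ...`) already spells out, so the two copies can drift apart. If a further protocol flag is later added to one and not the other, the comparison either never matches or matches while a protocol is in fact enabled, and the warning becomes unreliable without any compile-time signal. Naming the mask once and using it in both places keeps them in step, for example `#define XRDP_SSL_ALL_PROTOCOLS_DISABLED (SSL_OP_NO_SSLv3 | SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_1 | SSL_OP_NO_TLSv1_2)` (the name is only a suggestion) with `if (client_info->ssl_protocols == XRDP_SSL_ALL_PROTOCOLS_DISABLED)`. The message would also be easier to act on if it quoted the configured string, since a misspelt or unrecognised protocol name appears to be how this branch is reached, and `value` looks to be in scope from the first hunk. xrdp_rdp_read_config starts and ends outside both hunks, so whether startup continues after the warning cannot be seen from here.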