From c5cd82934956328065edd0ed156fc62752210c49 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fran=C3=A7ois=20Michel?= <francois.michel@uclouvain.be>
Date: Tue, 30 Jul 2024 09:44:45 +0000
Subject: [PATCH] client: add warning when -no-pkce is set

---
 cmd/ssh3.go | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/cmd/ssh3.go b/cmd/ssh3.go
index 77cfc12..61dd4e2 100644
--- a/cmd/ssh3.go
+++ b/cmd/ssh3.go
@@ -355,6 +355,10 @@ func ClientMain() int {
 
 	log.Debug().Msgf("version %s", ssh3.GetCurrentSoftwareVersion())
 
+	if *noPKCE {
+		log.Warn().Msgf("Disabling PKCE is considered insecure to machine-in-the-middle attacks. Consider enabling PKCE by default!")
+	}
+
 	knownHostsPath := path.Join(ssh3Dir, "known_hosts")
 	knownHosts, skippedLines, err := ssh3.ParseKnownHosts(knownHostsPath)
 	if len(skippedLines) != 0 {