authorBen Banfield-Zanin <benbz@matrix.org>2020-09-15 11:44:49 +0100
committerBen Banfield-Zanin <benbz@matrix.org>2020-09-15 11:44:49 +0100
commit1a7d96aa6ff81638f2ea696fdee2ec44e7bff75a (patch)
tree1839e80f89c53b34ff1b36974305c6cb0c94aab4 /synapse/crypto/context_factory.py
parentFix group server for older synapse (diff)
parentClarify changelog. (diff)
downloadsynapse-1a7d96aa6ff81638f2ea696fdee2ec44e7bff75a.tar.xz
Merge remote-tracking branch 'origin/release-v1.20.0' into bbz/info-mainline-1.20.0 github/bbz/info-mainline-1.20.0 bbz/info-mainline-1.20.0
Diffstat (limited to 'synapse/crypto/context_factory.py')
-rw-r--r--synapse/crypto/context_factory.py16
1 files changed, 12 insertions, 4 deletions
diff --git a/synapse/crypto/context_factory.py b/synapse/crypto/context_factory.py

index a5a2a7815d..2b03f5ac76 100644
--- a/synapse/crypto/context_factory.py
+++ b/synapse/crypto/context_factory.py
@@ -48,6 +48,14 @@ class ServerContextFactory(ContextFactory): connections.""" def __init__(self, config):
+ # TODO: once pyOpenSSL exposes TLS_METHOD and SSL_CTX_set_min_proto_version,
+ # switch to those (see https://github.com/pyca/cryptography/issues/5379).
+ #
+ # note that, despite the confusing name, SSLv23_METHOD does *not* enforce SSLv2
+ # or v3, but is a synonym for TLS_METHOD, which allows the client and server
+ # to negotiate an appropriate version of TLS constrained by the version options
+ # set with context.set_options.
+ #
 self._context = SSL.Context(SSL.SSLv23_METHOD) self.configure_context(self._context, config)
@@ -75,7 +83,7 @@ class ServerContextFactory(ContextFactory): @implementer(IPolicyForHTTPS)
-class FederationPolicyForHTTPS(object):
+class FederationPolicyForHTTPS:
 """Factory for Twisted SSLClientConnectionCreators that are used to make connections to remote servers for federation.
@@ -144,7 +152,7 @@ class FederationPolicyForHTTPS(object): @implementer(IPolicyForHTTPS)
-class RegularPolicyForHTTPS(object):
+class RegularPolicyForHTTPS:
 """Factory for Twisted SSLClientConnectionCreators that are used to make connections to remote servers, for other than federation.
@@ -181,7 +189,7 @@ def _context_info_cb(ssl_connection, where, ret): @implementer(IOpenSSLClientConnectionCreator)
-class SSLClientConnectionCreator(object):
+class SSLClientConnectionCreator:
 """Creates openssl connection objects for client connections. Replaces twisted.internet.ssl.ClientTLSOptions
@@ -206,7 +214,7 @@ class SSLClientConnectionCreator(object): return connection
-class ConnectionVerifier(object):
+class ConnectionVerifier:
 """Set the SNI, and do cert verification This is a thing which is attached to the TLSMemoryBIOProtocol, and is called by
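Review bot: The comment added in the first hunk (`ServerContextFactory.__init__`) says the negotiated version is "constrained by the version options set with context.set_options", but no `set_options` call is visible in this hunk; presumably it sits in `configure_context`, whose body is outside the hunk. `SSLv23_METHOD` sets no protocol floor of its own beyond what the linked OpenSSL build defaults to, so the comment should point at the place that does, for example `# ... constrained by the SSL.OP_NO_* options set in configure_context().` Stating the intended minimum TLS version there would also help the TODO's later switch to `SSL_CTX_set_min_proto_version` keep the same floor rather than re-deriving it from the option flags.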