summary refs log tree commit diff
diff options
context:
space:
mode:
authorMark Haines <mark.haines@matrix.org>2014-09-01 20:35:10 +0100
committerMark Haines <mark.haines@matrix.org>2014-09-01 20:35:18 +0100
commit8b69468e5fb9382f9ef0d46eb8e66fa226bb7618 (patch)
tree078a01118c6a98cbe2afa4ee7d475ed1fdaf76c2
parentThat was a breaking db change. You need to recreate the databases. (In realit... (diff)
downloadsynapse-8b69468e5fb9382f9ef0d46eb8e66fa226bb7618.tar.xz
Use pregenerated DH params when generating config
Diffstat (limited to '')
-rw-r--r--synapse/config/tls.py36
1 files changed, 29 insertions, 7 deletions
diff --git a/synapse/config/tls.py b/synapse/config/tls.py
index 7a3d6e3a02..005fc1d16e 100644
--- a/synapse/config/tls.py
+++ b/synapse/config/tls.py
@@ -19,6 +19,9 @@ from OpenSSL import crypto
 import subprocess
 import os
 
+GENERATE_DH_PARAMS=False
+
+
 class TlsConfig(Config):
     def __init__(self, args):
         super(TlsConfig, self).__init__(args)
@@ -97,10 +100,29 @@ class TlsConfig(Config):
                 certifcate_file.write(cert_pem)
 
         if not os.path.exists(args.tls_dh_params_path):
-            subprocess.check_call([
-                "openssl", "dhparam",
-                "-outform", "PEM",
-                "-out", args.tls_dh_params_path,
-                "2048"
-            ])
-
+            if GENERATE_DH_PARAMS:
+                subprocess.check_call([
+                    "openssl", "dhparam",
+                    "-outform", "PEM",
+                    "-out", args.tls_dh_params_path,
+                    "2048"
+                ])
+            else:
+                with open(args.tls_dh_params_path, "w") as dh_params_file:
+                    dh_params_file.write(
+                        "2048-bit DH parameters taken from rfc3526\n"
+                        "-----BEGIN DH PARAMETERS-----\n"
+                        "MIIBCAKCAQEA///////////JD9qiIWjC"
+                        "NMTGYouA3BzRKQJOCIpnzHQCC76mOxOb\n"
+                        "IlFKCHmONATd75UZs806QxswKwpt8l8U"
+                        "N0/hNW1tUcJF5IW1dmJefsb0TELppjft\n"
+                        "awv/XLb0Brft7jhr+1qJn6WunyQRfEsf"
+                        "5kkoZlHs5Fs9wgB8uKFjvwWY2kg2HFXT\n"
+                        "mmkWP6j9JM9fg2VdI9yjrZYcYvNWIIVS"
+                        "u57VKQdwlpZtZww1Tkq8mATxdGwIyhgh\n"
+                        "fDKQXkYuNs474553LBgOhgObJ4Oi7Aei"
+                        "j7XFXfBvTFLJ3ivL9pVYFxg5lUl86pVq\n"
+                        "5RXSJhiY+gUQFXKOWoqsqmj/////////"
+                        "/wIBAg==\n"
+                        "-----END DH PARAMETERS-----\n"
+                    )