Heavier warning about disabling TLS verification

author: Andrew Morgan <andrew@amorgan.xyz> 2019-04-08 17:58:54 +0100
committer: Andrew Morgan <andrew@amorgan.xyz> 2019-04-08 17:58:54 +0100
commit: 92cc6b0383482200785f09d6e1531563eb50bb90 (patch)
tree: 8043ebd64f91e39ac2f57d61c546255d2a4f191c
parent: Add comment and simplify diff (diff)
download: synapse-92cc6b0383482200785f09d6e1531563eb50bb90.tar.xz
1 files changed, 3 insertions, 2 deletions
diff --git a/synapse/config/tls.py b/synapse/config/tls.py
index ea54bd0793..72dd5926f9 100644
--- a/synapse/config/tls.py
+++ b/synapse/config/tls.py
@@ -251,8 +251,9 @@ class TlsConfig(Config):
         # Skip federation certificate verification on the following whitelist
         # of domains.
         #
-        # This setting should only normally be used within a private network of
-        # homeservers.
+        # This setting should only be used in very specific cases, such as
+        # federation over Tor hidden services and similar. For private networks
+        # of homeservers, you likely want to use a private CA instead.
         #
         # Only effective if federation_verify_certicates is `true`.
         #
author	Andrew Morgan <andrew@amorgan.xyz>	2019-04-08 17:58:54 +0100
committer	Andrew Morgan <andrew@amorgan.xyz>	2019-04-08 17:58:54 +0100
commit	92cc6b0383482200785f09d6e1531563eb50bb90 (patch)
tree	8043ebd64f91e39ac2f57d61c546255d2a4f191c
parent	Add comment and simplify diff (diff)
download	synapse-92cc6b0383482200785f09d6e1531563eb50bb90.tar.xz