Update the TLS cipher string and provide configurability for TLS on outgoing federation (#5550)

author: Amber Brown <hawkowl@atleastfornow.net> 2019-06-28 18:19:09 +1000
committer: GitHub <noreply@github.com> 2019-06-28 18:19:09 +1000
commit: be3b901ccdf28d0f81d312d7cd8b7bedb22b4049 (patch)
tree: c2d74f0f8aee048f47cdfdc61f83e171201a45e0 /changelog.d
parent: Added possibilty to disable local password authentication (#5092) (diff)
download: synapse-be3b901ccdf28d0f81d312d7cd8b7bedb22b4049.tar.xz
2 files changed, 2 insertions, 0 deletions
diff --git a/changelog.d/5550.feature b/changelog.d/5550.feature
new file mode 100644
index 0000000000..79ecedf3b8
--- /dev/null
+++ b/changelog.d/5550.feature
@@ -0,0 +1 @@
+The minimum TLS version used for outgoing federation requests can now be set with `federation_client_minimum_tls_version`.
diff --git a/changelog.d/5550.misc b/changelog.d/5550.misc
new file mode 100644
index 0000000000..ad5693338e
--- /dev/null
+++ b/changelog.d/5550.misc
@@ -0,0 +1 @@
+Synapse will now only allow TLS v1.2 connections when serving federation, if it terminates TLS. As Synapse's allowed ciphers were only able to be used in TLSv1.2 before, this does not change behaviour.
author	Amber Brown <hawkowl@atleastfornow.net>	2019-06-28 18:19:09 +1000
committer	GitHub <noreply@github.com>	2019-06-28 18:19:09 +1000
commit	be3b901ccdf28d0f81d312d7cd8b7bedb22b4049 (patch)
tree	c2d74f0f8aee048f47cdfdc61f83e171201a45e0 /changelog.d
parent	Added possibilty to disable local password authentication (#5092) (diff)
download	synapse-be3b901ccdf28d0f81d312d7cd8b7bedb22b4049.tar.xz