Update the TLS cipher string and provide configurability for TLS on outgoing federation (#5550)

author: Amber Brown <hawkowl@atleastfornow.net> 2019-06-28 18:19:09 +1000
committer: GitHub <noreply@github.com> 2019-06-28 18:19:09 +1000
commit: be3b901ccdf28d0f81d312d7cd8b7bedb22b4049 (patch)
tree: c2d74f0f8aee048f47cdfdc61f83e171201a45e0 /docs
parent: Added possibilty to disable local password authentication (#5092) (diff)
download: synapse-be3b901ccdf28d0f81d312d7cd8b7bedb22b4049.tar.xz
1 files changed, 9 insertions, 0 deletions
diff --git a/docs/sample_config.yaml b/docs/sample_config.yaml
index a01e1152f7..bf9cd88b15 100644
--- a/docs/sample_config.yaml
+++ b/docs/sample_config.yaml
@@ -317,6 +317,15 @@ listeners:
 #
 #federation_verify_certificates: false
 
+# The minimum TLS version that will be used for outbound federation requests.
+#
+# Defaults to `1`. Configurable to `1`, `1.1`, `1.2`, or `1.3`. Note
+# that setting this value higher than `1.2` will prevent federation to most
+# of the public Matrix network: only configure it to `1.3` if you have an
+# entirely private federation setup and you can ensure TLS 1.3 support.
+#
+#federation_client_minimum_tls_version: 1.2
+
 # Skip federation certificate verification on the following whitelist
 # of domains.
 #
author	Amber Brown <hawkowl@atleastfornow.net>	2019-06-28 18:19:09 +1000
committer	GitHub <noreply@github.com>	2019-06-28 18:19:09 +1000
commit	be3b901ccdf28d0f81d312d7cd8b7bedb22b4049 (patch)
tree	c2d74f0f8aee048f47cdfdc61f83e171201a45e0 /docs
parent	Added possibilty to disable local password authentication (#5092) (diff)
download	synapse-be3b901ccdf28d0f81d312d7cd8b7bedb22b4049.tar.xz