summary refs log tree commit diff
path: root/docs
diff options
context:
space:
mode:
authorJerin J Titus <72017981+jerinjtitus@users.noreply.github.com>2021-05-24 22:13:30 +0530
committerGitHub <noreply@github.com>2021-05-24 17:43:30 +0100
commit057ce7b75406dc97be8ff2c890c47fd9357b0773 (patch)
tree0f009796547429e7adff2ee0a09baf9b67083070 /docs
parentFix --no-daemonize for synctl with workers (#9995) (diff)
downloadsynapse-057ce7b75406dc97be8ff2c890c47fd9357b0773.tar.xz
Remove tls_fingerprints option (#9280)
Signed-off-by: Jerin J Titus <72017981+jerinjtitus@users.noreply.github.com>
Diffstat (limited to 'docs')
-rw-r--r--docs/sample_config.yaml27
1 files changed, 0 insertions, 27 deletions
diff --git a/docs/sample_config.yaml b/docs/sample_config.yaml
index f0f9f06a6e..6576b153d0 100644
--- a/docs/sample_config.yaml
+++ b/docs/sample_config.yaml
@@ -683,33 +683,6 @@ acme:
     #
     account_key_file: DATADIR/acme_account.key
 
-# List of allowed TLS fingerprints for this server to publish along
-# with the signing keys for this server. Other matrix servers that
-# make HTTPS requests to this server will check that the TLS
-# certificates returned by this server match one of the fingerprints.
-#
-# Synapse automatically adds the fingerprint of its own certificate
-# to the list. So if federation traffic is handled directly by synapse
-# then no modification to the list is required.
-#
-# If synapse is run behind a load balancer that handles the TLS then it
-# will be necessary to add the fingerprints of the certificates used by
-# the loadbalancers to this list if they are different to the one
-# synapse is using.
-#
-# Homeservers are permitted to cache the list of TLS fingerprints
-# returned in the key responses up to the "valid_until_ts" returned in
-# key. It may be necessary to publish the fingerprints of a new
-# certificate and wait until the "valid_until_ts" of the previous key
-# responses have passed before deploying it.
-#
-# You can calculate a fingerprint from a given TLS listener via:
-# openssl s_client -connect $host:$port < /dev/null 2> /dev/null |
-#   openssl x509 -outform DER | openssl sha256 -binary | base64 | tr -d '='
-# or by checking matrix.org/federationtester/api/report?server_name=$host
-#
-#tls_fingerprints: [{"sha256": "<base64_encoded_sha256_fingerprint>"}]
-
 
 ## Federation ##