diff options
| author | Richard van der Hoff <richard@matrix.org> | 2019-06-05 14:16:07 +0100 |
|---|---|---|
| committer | Richard van der Hoff <richard@matrix.org> | 2019-06-05 14:17:50 +0100 |
| commit | e2dfb922e1334e4a506a9d678d0f1bf573cc95e6 (patch) | |
| tree | b0e43cf8df9b95a1c5f513a7a9253975c41b63f3 /synapse/config/tls.py | |
| parent | Add a test room version where we enforce key validity (#5348) (diff) | |
| download | synapse-e2dfb922e1334e4a506a9d678d0f1bf573cc95e6.tar.xz | |
Validate federation server TLS certificates by default.
Diffstat (limited to 'synapse/config/tls.py')
| -rw-r--r-- | synapse/config/tls.py | 10 |
1 files changed, 5 insertions, 5 deletions
diff --git a/synapse/config/tls.py b/synapse/config/tls.py index 72dd5926f9..43712b8213 100644 --- a/synapse/config/tls.py +++ b/synapse/config/tls.py @@ -74,7 +74,7 @@ class TlsConfig(Config): # Whether to verify certificates on outbound federation traffic self.federation_verify_certificates = config.get( - "federation_verify_certificates", False, + "federation_verify_certificates", True, ) # Whitelist of domains to not verify certificates for @@ -241,12 +241,12 @@ class TlsConfig(Config): # #tls_private_key_path: "%(tls_private_key_path)s" - # Whether to verify TLS certificates when sending federation traffic. + # Whether to verify TLS server certificates for outbound federation requests. # - # This currently defaults to `false`, however this will change in - # Synapse 1.0 when valid federation certificates will be required. + # Defaults to `true`. To disable certificate verification, uncomment the + # following line. # - #federation_verify_certificates: true + #federation_verify_certificates: false # Skip federation certificate verification on the following whitelist # of domains. |