authorRichard van der Hoff <richard@matrix.org>2019-02-11 17:57:58 +0000
committerRichard van der Hoff <richard@matrix.org>2019-02-11 21:39:14 +0000
commit4fddf8fc77496d9bb3b5fa8835f0e5ba9a5a9926 (patch)
tree642076f830711fb2e967799b136cb92030e2026b /synapse/config/tls.py
parentMerge branch 'rav/no_create_server_contexts_if_no_tls' into rav/tls_cert/work (diff)
downloadsynapse-4fddf8fc77496d9bb3b5fa8835f0e5ba9a5a9926.tar.xz
Infer no_tls from presence of TLS listeners
Rather than have to specify `no_tls` explicitly, infer whether we need to load
the TLS keys etc from whether we have any TLS-enabled listeners.
Diffstat (limited to 'synapse/config/tls.py')
-rw-r--r--synapse/config/tls.py10
1 files changed, 2 insertions, 8 deletions
diff --git a/synapse/config/tls.py b/synapse/config/tls.py
index 76d2add4fe..e37a41eff4 100644
--- a/synapse/config/tls.py
+++ b/synapse/config/tls.py
@@ -51,7 +51,6 @@ class TlsConfig(Config):
             self._original_tls_fingerprints = []
 
         self.tls_fingerprints = list(self._original_tls_fingerprints)
-        self.no_tls = config.get("no_tls", False)
 
         # This config option applies to non-federation HTTP clients
         # (e.g. for talking to recaptcha, identity servers, and such)
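Review bot: With `self.no_tls = config.get("no_tls", False)` removed, a deployment whose config still sets `no_tls: True` gets no signal from this file that the key is now ignored. This page is limited to tls.py, so the option may be handled elsewhere in the commit. If it is not, an operator behind a TLS-terminating reverse proxy who left a `tls: true` listener configured would presumably see Synapse load the certificate and key and open that listener again. A one-time warning at the point of removal would make the change visible, for example `if config.get("no_tls", False): logger.warning("no_tls is ignored; TLS is now inferred from listeners with tls: true")`, assuming a module-level logger is in scope. The enclosing method starts and ends outside this hunk.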
@@ -141,6 +140,8 @@ class TlsConfig(Config):
 
         return (
             """\
+        ## TLS ##
+
         # PEM-encoded X509 certificate for TLS.
         # This certificate, as of Synapse 1.0, will need to be a valid and verifiable
         # certificate, signed by a recognised Certificate Authority.
@@ -201,13 +202,6 @@ class TlsConfig(Config):
             #
             # reprovision_threshold: 30
 
-        # If your server runs behind a reverse-proxy which terminates TLS connections
-        # (for both client and federation connections), it may be useful to disable
-        # All TLS support for incoming connections. Setting no_tls to True will
-        # do so (and avoid the need to give synapse a TLS private key).
-        #
-        # no_tls: True
-
         # List of allowed TLS fingerprints for this server to publish along
         # with the signing keys for this server. Other matrix servers that
         # make HTTPS requests to this server will check that the TLS