diff options
author | Richard van der Hoff <1389908+richvdh@users.noreply.github.com> | 2019-06-06 10:50:42 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2019-06-06 10:50:42 +0100 |
commit | cb3b381fcbb7e9bcb3a3e46b08d21ae5b2f3de24 (patch) | |
tree | b82425dd1854b01dfeea7156e1736aa40f8bdb8e /synapse/config | |
parent | Merge pull request #5361 from matrix-org/rav/generate_signing_key (diff) | |
parent | Merge branch 'rav/fix_custom_ca' into rav/enable_tls_verification (diff) | |
download | synapse-cb3b381fcbb7e9bcb3a3e46b08d21ae5b2f3de24.tar.xz |
Merge pull request #5359 from matrix-org/rav/enable_tls_verification
Validate federation server TLS certificates by default.
Diffstat (limited to 'synapse/config')
-rw-r--r-- | synapse/config/tls.py | 10 |
1 files changed, 5 insertions, 5 deletions
diff --git a/synapse/config/tls.py b/synapse/config/tls.py index 94a53d05f9..658f9dd361 100644 --- a/synapse/config/tls.py +++ b/synapse/config/tls.py @@ -74,7 +74,7 @@ class TlsConfig(Config): # Whether to verify certificates on outbound federation traffic self.federation_verify_certificates = config.get( - "federation_verify_certificates", False, + "federation_verify_certificates", True, ) # Whitelist of domains to not verify certificates for @@ -241,12 +241,12 @@ class TlsConfig(Config): # #tls_private_key_path: "%(tls_private_key_path)s" - # Whether to verify TLS certificates when sending federation traffic. + # Whether to verify TLS server certificates for outbound federation requests. # - # This currently defaults to `false`, however this will change in - # Synapse 1.0 when valid federation certificates will be required. + # Defaults to `true`. To disable certificate verification, uncomment the + # following line. # - #federation_verify_certificates: true + #federation_verify_certificates: false # Skip federation certificate verification on the following whitelist # of domains. |