Merge pull request #4613 from matrix-org/rav/deprecate_no_tls

Infer no_tls from presence of TLS listeners
author: Erik Johnston <erikj@jki.re> 2019-02-12 09:59:53 +0000
committer: GitHub <noreply@github.com> 2019-02-12 09:59:53 +0000
commit: 8a2e3164130bce3a43b4c499db8c0cc6c4ae0c4d (patch)
tree: 9aecae58476c7fa957324ea960bdcc4a24158c59 /synapse/crypto/context_factory.py
parent: Move ClientTLSOptionsFactory init out of refresh_certificates (#4611) (diff)
parent: fix tests (diff)
download: synapse-8a2e3164130bce3a43b4c499db8c0cc6c4ae0c4d.tar.xz
1 files changed, 1 insertions, 3 deletions
diff --git a/synapse/crypto/context_factory.py b/synapse/crypto/context_factory.py
index 286ad80100..85f2848fb1 100644
--- a/synapse/crypto/context_factory.py
+++ b/synapse/crypto/context_factory.py
@@ -43,9 +43,7 @@ class ServerContextFactory(ContextFactory):
             logger.exception("Failed to enable elliptic curve for TLS")
         context.set_options(SSL.OP_NO_SSLv2 | SSL.OP_NO_SSLv3)
         context.use_certificate_chain_file(config.tls_certificate_file)
-
-        if not config.no_tls:
-            context.use_privatekey(config.tls_private_key)
+        context.use_privatekey(config.tls_private_key)
 
         # https://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/
         context.set_cipher_list(
author	Erik Johnston <erikj@jki.re>	2019-02-12 09:59:53 +0000
committer	GitHub <noreply@github.com>	2019-02-12 09:59:53 +0000
commit	8a2e3164130bce3a43b4c499db8c0cc6c4ae0c4d (patch)
tree	9aecae58476c7fa957324ea960bdcc4a24158c59 /synapse/crypto/context_factory.py
parent	Move ClientTLSOptionsFactory init out of refresh_certificates (#4611) (diff)
parent	fix tests (diff)
download	synapse-8a2e3164130bce3a43b4c499db8c0cc6c4ae0c4d.tar.xz