enable ECDHE ciphers

author: Mark Haines <mark.haines@matrix.org> 2014-09-01 22:29:31 +0100
committer: Mark Haines <mark.haines@matrix.org> 2014-09-01 22:29:44 +0100
commit: 79650f795f16e360338135e1d0819c3597c32eb6 (patch)
tree: 5ddc205fea7b380001e6e3b28ec0a05b1a484cff /synapse/crypto
parent: Reënable presence visibility permission checking now it's not used on redund... (diff)
download: synapse-79650f795f16e360338135e1d0819c3597c32eb6.tar.xz
1 files changed, 6 insertions, 0 deletions
diff --git a/synapse/crypto/context_factory.py b/synapse/crypto/context_factory.py
index fe58d65305..45958abbf5 100644
--- a/synapse/crypto/context_factory.py
+++ b/synapse/crypto/context_factory.py
@@ -1,5 +1,6 @@
 from twisted.internet import reactor, ssl
 from OpenSSL import SSL
+from twisted.internet._sslverify import _OpenSSLECCurve, _defaultCurveName
 
 
 class ServerContextFactory(ssl.ContextFactory):
@@ -12,6 +13,11 @@ class ServerContextFactory(ssl.ContextFactory):
 
     @staticmethod
     def configure_context(context, config):
+        try:
+            _ecCurve = _OpenSSLECCurve(_defaultCurveName)
+            _ecCurve.addECKeyToContext(context)
+        except:
+            pass
         context.set_options(SSL.OP_NO_SSLv2 | SSL.OP_NO_SSLv3)
         context.use_certificate(config.tls_certificate)
         context.use_privatekey(config.tls_private_key)
author	Mark Haines <mark.haines@matrix.org>	2014-09-01 22:29:31 +0100
committer	Mark Haines <mark.haines@matrix.org>	2014-09-01 22:29:44 +0100
commit	79650f795f16e360338135e1d0819c3597c32eb6 (patch)
tree	5ddc205fea7b380001e6e3b28ec0a05b1a484cff /synapse/crypto
parent	Reënable presence visibility permission checking now it's not used on redund... (diff)
download	synapse-79650f795f16e360338135e1d0819c3597c32eb6.tar.xz