diff --git a/synapse/config/tls.py b/synapse/config/tls.py
index 7a3d6e3a02..005fc1d16e 100644
--- a/synapse/config/tls.py
+++ b/synapse/config/tls.py
@@ -19,6 +19,9 @@ from OpenSSL import crypto
import subprocess
import os
+GENERATE_DH_PARAMS=False
+
+
class TlsConfig(Config):
def __init__(self, args):
super(TlsConfig, self).__init__(args)
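Review bot: `GENERATE_DH_PARAMS` is added as a hard-coded module constant with no comment and no visible way to set it from configuration, so an operator who wants per-server parameters would have to edit the source. A comment above it would record the intent, for example `# When False, write a fixed RFC 3526 2048-bit group instead of running "openssl dhparam"; set to True for parameters unique to this server.` The reason for the default (presumably the time `openssl dhparam` takes) is not stated in the diff and is worth stating here. PEP 8 spacing would be `GENERATE_DH_PARAMS = False`.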
@@ -97,10 +100,29 @@ class TlsConfig(Config):
certifcate_file.write(cert_pem)
if not os.path.exists(args.tls_dh_params_path):
- subprocess.check_call([
- "openssl", "dhparam",
- "-outform", "PEM",
- "-out", args.tls_dh_params_path,
- "2048"
- ])
-
+ if GENERATE_DH_PARAMS:
+ subprocess.check_call([
+ "openssl", "dhparam",
+ "-outform", "PEM",
+ "-out", args.tls_dh_params_path,
+ "2048"
+ ])
+ else:
+ with open(args.tls_dh_params_path, "w") as dh_params_file:
+ dh_params_file.write(
+ "2048-bit DH parameters taken from rfc3526\n"
+ "-----BEGIN DH PARAMETERS-----\n"
+ "MIIBCAKCAQEA///////////JD9qiIWjC"
+ "NMTGYouA3BzRKQJOCIpnzHQCC76mOxOb\n"
+ "IlFKCHmONATd75UZs806QxswKwpt8l8U"
+ "N0/hNW1tUcJF5IW1dmJefsb0TELppjft\n"
+ "awv/XLb0Brft7jhr+1qJn6WunyQRfEsf"
+ "5kkoZlHs5Fs9wgB8uKFjvwWY2kg2HFXT\n"
+ "mmkWP6j9JM9fg2VdI9yjrZYcYvNWIIVS"
+ "u57VKQdwlpZtZww1Tkq8mATxdGwIyhgh\n"
+ "fDKQXkYuNs474553LBgOhgObJ4Oi7Aei"
+ "j7XFXfBvTFLJ3ivL9pVYFxg5lUl86pVq\n"
+ "5RXSJhiY+gUQFXKOWoqsqmj/////////"
+ "/wIBAg==\n"
+ "-----END DH PARAMETERS-----\n"
+ )
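Review bot: The `else` branch writes one fixed group to `args.tls_dh_params_path`, so every server whose file is created this way shares the same 2048-bit prime, and nothing records that this is a deliberate trade-off. The literal's first line says the parameters come from RFC 3526, but the base64 sits inline in the method where it is hard to check against the RFC. A comment above the `with open(...)` would help, for example `# Fixed, publicly known group: DH parameters are not secret, but this prime is shared by every install that takes this branch; set GENERATE_DH_PARAMS for a unique one.` Hoisting the PEM text into a named module-level constant and adding a unit test that parses it and checks the prime is 2048 bits would catch a mistyped character in the literal. The enclosing method starts before this hunk.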