diff options
author | Mark Haines <mark.haines@matrix.org> | 2014-09-01 22:29:31 +0100 |
---|---|---|
committer | Mark Haines <mark.haines@matrix.org> | 2014-09-01 22:29:44 +0100 |
commit | 79650f795f16e360338135e1d0819c3597c32eb6 (patch) | |
tree | 5ddc205fea7b380001e6e3b28ec0a05b1a484cff /synapse | |
parent | Reënable presence visibility permission checking now it's not used on redund... (diff) | |
download | synapse-79650f795f16e360338135e1d0819c3597c32eb6.tar.xz |
enable ECDHE ciphers
Diffstat (limited to 'synapse')
-rw-r--r-- | synapse/crypto/context_factory.py | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/synapse/crypto/context_factory.py b/synapse/crypto/context_factory.py index fe58d65305..45958abbf5 100644 --- a/synapse/crypto/context_factory.py +++ b/synapse/crypto/context_factory.py @@ -1,5 +1,6 @@ from twisted.internet import reactor, ssl from OpenSSL import SSL +from twisted.internet._sslverify import _OpenSSLECCurve, _defaultCurveName class ServerContextFactory(ssl.ContextFactory): @@ -12,6 +13,11 @@ class ServerContextFactory(ssl.ContextFactory): @staticmethod def configure_context(context, config): + try: + _ecCurve = _OpenSSLECCurve(_defaultCurveName) + _ecCurve.addECKeyToContext(context) + except: + pass context.set_options(SSL.OP_NO_SSLv2 | SSL.OP_NO_SSLv3) context.use_certificate(config.tls_certificate) context.use_privatekey(config.tls_private_key) |