Use TLSv1.2 for fake servers in tests (#8208)

Some Linux distros have begun disabling TLSv1.0 and TLSv1.1 by default for security reasons, for example in Fedora 33 onwards: https://fedoraproject.org/wiki/Changes/StrongCryptoSettings2 Use TLSv1.2 for the fake TLS servers created in the test suite, to avoid failures due to OpenSSL disallowing TLSv1.0: <twisted.python.failure.Failure OpenSSL.SSL.Error: [('SSL routines', 'ssl_choose_client_version', 'unsupported protocol')]> Signed-off-by: Dan Callaghan <djc@djc.id.au>
author: Dan Callaghan <djc@djc.id.au> 2020-09-11 04:49:08 +1000
committer: GitHub <noreply@github.com> 2020-09-10 19:49:08 +0100
commit: c312ee3cde39d9c97d3552b43533a4384321dc9e (patch)
tree: aedc08dfceeae6647699181a8c216c8a2696a32e /tests/http
parent: Add /_synapse/client to the reverse proxy docs (#8227) (diff)
download: synapse-c312ee3cde39d9c97d3552b43533a4384321dc9e.tar.xz
1 files changed, 1 insertions, 1 deletions
diff --git a/tests/http/__init__.py b/tests/http/__init__.py
index 5d41443293..3e5a856584 100644
--- a/tests/http/__init__.py
+++ b/tests/http/__init__.py
@@ -145,7 +145,7 @@ class TestServerTLSConnectionFactory:
         self._cert_file = create_test_cert_file(sanlist)
 
     def serverConnectionForTLS(self, tlsProtocol):
-        ctx = SSL.Context(SSL.TLSv1_METHOD)
+        ctx = SSL.Context(SSL.SSLv23_METHOD)
         ctx.use_certificate_file(self._cert_file)
         ctx.use_privatekey_file(get_test_key_file())
         return Connection(ctx, None)
author	Dan Callaghan <djc@djc.id.au>	2020-09-11 04:49:08 +1000
committer	GitHub <noreply@github.com>	2020-09-10 19:49:08 +0100
commit	c312ee3cde39d9c97d3552b43533a4384321dc9e (patch)
tree	aedc08dfceeae6647699181a8c216c8a2696a32e /tests/http
parent	Add /_synapse/client to the reverse proxy docs (#8227) (diff)
download	synapse-c312ee3cde39d9c97d3552b43533a4384321dc9e.tar.xz