summary refs log tree commit diff
path: root/synapse/crypto/context_factory.py
diff options
context:
space:
mode:
Diffstat (limited to 'synapse/crypto/context_factory.py')
-rw-r--r--synapse/crypto/context_factory.py6
1 files changed, 4 insertions, 2 deletions
diff --git a/synapse/crypto/context_factory.py b/synapse/crypto/context_factory.py

index 02b76dfcfb..6ba3eca7b2 100644
--- a/synapse/crypto/context_factory.py
+++ b/synapse/crypto/context_factory.py
@@ -46,8 +46,10 @@ class ServerContextFactory(ContextFactory):
         if not config.no_tls:
             context.use_privatekey(config.tls_private_key)
 
-        context.load_tmp_dh(config.tls_dh_params_path)
-        context.set_cipher_list("!ADH:HIGH+kEDH:!AECDH:HIGH+kEECDH")
+        # https://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/
+        context.set_cipher_list(
+            "ECDH+AESGCM:ECDH+CHACHA20:ECDH+AES256:ECDH+AES128:!aNULL:!SHA1"
+        )
 
     def getContext(self):
         return self._context
generated by cgit-magenta 1.5.1 (git 2.48.1) at 2025-03-26 03:21:21 +0000