From a93540b60d0870b86061e489183cce2792a3d5e2 Mon Sep 17 00:00:00 2001
From: Patrick Cloke <patrickc@matrix.org>
Date: Fri, 7 Apr 2023 10:17:28 -0400
Subject: Disable TLS over federation.

---
 synapse/server.py | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/synapse/server.py b/synapse/server.py
index b72b76a38b..bb30a550a8 100644
--- a/synapse/server.py
+++ b/synapse/server.py
@@ -38,7 +38,6 @@ from synapse.api.ratelimiting import Ratelimiter, RequestRatelimiter
 from synapse.appservice.api import ApplicationServiceApi
 from synapse.appservice.scheduler import ApplicationServiceScheduler
 from synapse.config.homeserver import HomeServerConfig
-from synapse.crypto import context_factory
 from synapse.crypto.context_factory import RegularPolicyForHTTPS
 from synapse.crypto.keyring import Keyring
 from synapse.events.builder import EventBuilderFactory
@@ -475,9 +474,11 @@ class HomeServer(metaclass=abc.ABCMeta):
         """
         An HTTP client for federation.
         """
-        tls_client_options_factory = context_factory.FederationPolicyForHTTPS(
-            self.config
-        )
+        # XXX Disable TLS for federation.
+        # tls_client_options_factory = context_factory.FederationPolicyForHTTPS(
+        #     self.config
+        # )
+        tls_client_options_factory = None
         return MatrixFederationHttpClient(self, tls_client_options_factory)
 
     @cache_in_self
-- 
cgit 1.4.1