tileradotorg/synapse
1
0
Fork 0
forked from MirrorHub/synapse
Code Pull requests Activity

Merge branch 'rav/no_create_server_contexts_if_no_tls' into rav/tls_cert/work

Browse source
This commit is contained in:
Richard van der Hoff 2019-02-11 21:34:19 +00:00
commit 15272f837c
3 changed files with 7 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
changelog.d/4617.misc Normal file
View file

@ -0,0 +1 @@
Don't create server contexts when TLS is disabled

5
synapse/app/_base.py
View file

@ -214,6 +214,11 @@ def refresh_certificate(hs):
disk and updating the TLS context factories to use them. disk and updating the TLS context factories to use them.
""" """
hs.config.read_certificate_from_disk() hs.config.read_certificate_from_disk()
if hs.config.no_tls:
# nothing else to do here
return
hs.tls_server_context_factory = context_factory.ServerContextFactory(hs.config) hs.tls_server_context_factory = context_factory.ServerContextFactory(hs.config)
if hs._listening_services: if hs._listening_services:

2
synapse/crypto/context_factory.py
View file

@ -43,8 +43,6 @@ class ServerContextFactory(ContextFactory):
logger.exception("Failed to enable elliptic curve for TLS") logger.exception("Failed to enable elliptic curve for TLS")
context.set_options(SSL.OP_NO_SSLv2 | SSL.OP_NO_SSLv3) context.set_options(SSL.OP_NO_SSLv2 | SSL.OP_NO_SSLv3)
context.use_certificate_chain_file(config.tls_certificate_file) context.use_certificate_chain_file(config.tls_certificate_file)
if not config.no_tls:
context.use_privatekey(config.tls_private_key) context.use_privatekey(config.tls_private_key)
# https://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/ # https://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/