Require ECDH key exchange & remove dh_params (#4429)

* remove dh_params and set better cipher string
Amber Brown 2019-01-22 21:58:50 +11:00 committed by GitHub
parent 83f335bedf
commit 23b0813599
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
8 changed files with 6 additions and 57 deletions


@ -46,8 +46,10 @@ class ServerContextFactory(ContextFactory):
if not config.no_tls:
context.use_privatekey(config.tls_private_key)
context.load_tmp_dh(config.tls_dh_params_path)
context.set_cipher_list("!ADH:HIGH+kEDH:!AECDH:HIGH+kEECDH")
# https://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/
context.set_cipher_list(
"ECDH+AESGCM:ECDH+CHACHA20:ECDH+AES256:ECDH+AES128:!aNULL:!SHA1"
)
def getContext(self):
return self._context
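Review bot: Every suite in the new `set_cipher_list` string is keyed on `ECDH`, and with `load_tmp_dh` removed there is no DHE fallback, so a TLS 1.2 handshake on this context succeeds only if an ECDH curve is actually configured on it. That setup is not visible in this hunk; on OpenSSL older than 1.1.0 the server side needs an explicit `set_tmp_ecdh` call, so it is worth confirming that a failure there stops startup rather than only being logged. On OpenSSL 1.0.x the `ECDH` keyword also selects fixed-ECDH suites, which give no forward secrecy; `EECDH` names only the ephemeral ones, e.g. `"EECDH+AESGCM:EECDH+CHACHA20:EECDH+AES256:EECDH+AES128:!aNULL:!SHA1"`. A short comment above the call, such as `# ECDHE only: peers that cannot do ECDHE will fail the handshake`, would record the interoperability cost beside the link. The enclosing method begins outside the hunk.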