mirror of
https://git.anonymousland.org/anonymousland/synapse-product.git
synced 2024-12-17 06:44:22 -05:00
Use TLSv1.2 for fake servers in tests (#8208)
Some Linux distros have begun disabling TLSv1.0 and TLSv1.1 by default for security reasons, for example in Fedora 33 onwards: https://fedoraproject.org/wiki/Changes/StrongCryptoSettings2 Use TLSv1.2 for the fake TLS servers created in the test suite, to avoid failures due to OpenSSL disallowing TLSv1.0: <twisted.python.failure.Failure OpenSSL.SSL.Error: [('SSL routines', 'ssl_choose_client_version', 'unsupported protocol')]> Signed-off-by: Dan Callaghan <djc@djc.id.au>
This commit is contained in:
parent
95d869c357
commit
c312ee3cde
1
changelog.d/8208.misc
Normal file
1
changelog.d/8208.misc
Normal file
@ -0,0 +1 @@
|
||||
Fix tests on distros which disable TLSv1.0. Contributed by @danc86.
|
@ -145,7 +145,7 @@ class TestServerTLSConnectionFactory:
|
||||
self._cert_file = create_test_cert_file(sanlist)
|
||||
|
||||
def serverConnectionForTLS(self, tlsProtocol):
|
||||
ctx = SSL.Context(SSL.TLSv1_METHOD)
|
||||
ctx = SSL.Context(SSL.SSLv23_METHOD)
|
||||
ctx.use_certificate_file(self._cert_file)
|
||||
ctx.use_privatekey_file(get_test_key_file())
|
||||
return Connection(ctx, None)
|
||||
|
Loading…
Reference in New Issue
Block a user