You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The code in Synapse uses a subclass of ssl.ContextFactory with some manual OpenSSL setup.
Twisted will do quite a lot of this for you (more every day!) and can handle several things that it looks like Synapse isn't doing right now, like service identity validation and sending server name indication.
Consider using optionsForClientTLS for clients, or CertificateOptions (sorry - horrible class name there, I know) for servers, if the default behavior is good enough.
The text was updated successfully, but these errors were encountered:
This issue has been migrated from #1691.
The code in Synapse uses a subclass of
ssl.ContextFactorywith some manual OpenSSL setup.Twisted will do quite a lot of this for you (more every day!) and can handle several things that it looks like Synapse isn't doing right now, like service identity validation and sending server name indication.
The relevant APIs are:
twisted.internet.interfaces.IOpenSSLClientConnectionCreatorortwisted.internet.interfaces.IOpenSSLServerConnectionCreatorrather than subclassingContextFactoryif you need to do your own thing.optionsForClientTLSfor clients, orCertificateOptions(sorry - horrible class name there, I know) for servers, if the default behavior is good enough.The text was updated successfully, but these errors were encountered: