Add log message if we can't enable ECC. Require pyopenssl>=0.14 since…

… 0.13 doesn't seem to have ECC
HubbeKing · Oct 24, 2014 · 15be181 · 15be181
1 parent db2e350
commit 15be181
Show file tree

Hide file tree

Showing 2 changed files with 5 additions and 1 deletion.
diff --git a/setup.py b/setup.py
@@ -34,6 +34,7 @@ def read(fname):
         "syutil==0.0.2",
         "Twisted>=14.0.0",
         "service_identity>=1.0.0",
+        "pyopenssl>=0.14",
         "pyyaml",
         "pyasn1",
         "pynacl",

diff --git a/synapse/crypto/context_factory.py b/synapse/crypto/context_factory.py
@@ -16,6 +16,9 @@
 from OpenSSL import SSL
 from twisted.internet._sslverify import _OpenSSLECCurve, _defaultCurveName
 
+import logging
+
+logger = logging.getLogger(__name__)
 
 class ServerContextFactory(ssl.ContextFactory):
     """Factory for PyOpenSSL SSL contexts that are used to handle incoming
@@ -31,7 +34,7 @@ def configure_context(context, config):
             _ecCurve = _OpenSSLECCurve(_defaultCurveName)
             _ecCurve.addECKeyToContext(context)
         except:
-            pass
+            logger.exception("Failed to enable eliptic curve for TLS")
         context.set_options(SSL.OP_NO_SSLv2 | SSL.OP_NO_SSLv3)
         context.use_certificate(config.tls_certificate)
         context.use_privatekey(config.tls_private_key)