enable ECDHE ciphers

bebeo92 · Sep 1, 2014 · 79650f7 · 79650f7
1 parent 270d302
commit 79650f7
Showing 1 changed file with 6 additions and 0 deletions.
diff --git a/synapse/crypto/context_factory.py b/synapse/crypto/context_factory.py
@@ -1,5 +1,6 @@
 from twisted.internet import reactor, ssl
 from OpenSSL import SSL
+from twisted.internet._sslverify import _OpenSSLECCurve, _defaultCurveName
 
 
 class ServerContextFactory(ssl.ContextFactory):
@@ -12,6 +13,11 @@ def __init__(self, config):
 
     @staticmethod
     def configure_context(context, config):
+        try:
+            _ecCurve = _OpenSSLECCurve(_defaultCurveName)
+            _ecCurve.addECKeyToContext(context)
+        except:
+            pass
         context.set_options(SSL.OP_NO_SSLv2 | SSL.OP_NO_SSLv3)
         context.use_certificate(config.tls_certificate)
         context.use_privatekey(config.tls_private_key)