From 15be181642d08337f94b89b49305e49c56a103a4 Mon Sep 17 00:00:00 2001 From: Mark Haines Date: Fri, 24 Oct 2014 19:27:12 +0100 Subject: [PATCH] Add log message if we can't enable ECC. Require pyopenssl>=0.14 since 0.13 doesn't seem to have ECC --- setup.py | 1 + synapse/crypto/context_factory.py | 5 ++++- 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/setup.py b/setup.py index 649ac86590..660efd5b89 100755 --- a/setup.py +++ b/setup.py @@ -34,6 +34,7 @@ setup( "syutil==0.0.2", "Twisted>=14.0.0", "service_identity>=1.0.0", + "pyopenssl>=0.14", "pyyaml", "pyasn1", "pynacl", diff --git a/synapse/crypto/context_factory.py b/synapse/crypto/context_factory.py index f86bd19255..f402c795bb 100644 --- a/synapse/crypto/context_factory.py +++ b/synapse/crypto/context_factory.py @@ -16,6 +16,9 @@ from twisted.internet import ssl from OpenSSL import SSL from twisted.internet._sslverify import _OpenSSLECCurve, _defaultCurveName +import logging + +logger = logging.getLogger(__name__) class ServerContextFactory(ssl.ContextFactory): """Factory for PyOpenSSL SSL contexts that are used to handle incoming @@ -31,7 +34,7 @@ class ServerContextFactory(ssl.ContextFactory): _ecCurve = _OpenSSLECCurve(_defaultCurveName) _ecCurve.addECKeyToContext(context) except: - pass + logger.exception("Failed to enable eliptic curve for TLS") context.set_options(SSL.OP_NO_SSLv2 | SSL.OP_NO_SSLv3) context.use_certificate(config.tls_certificate) context.use_privatekey(config.tls_private_key)