Synapse: default to TLS 1.2 or later for outbound federation

benbz · benbz · commit de2607d575eb · 2025-07-08T14:09:29.000+01:00
diff --git a/charts/matrix-stack/configs/synapse/synapse-01-shared-underrides.yaml.tpl b/charts/matrix-stack/configs/synapse/synapse-01-shared-underrides.yaml.tpl
@@ -9,6 +9,8 @@ report_stats: false
 
 require_auth_for_profile_requests: true
 
+federation_client_minimum_tls_version: '1.2'
+
 {{- if $root.Values.matrixRTC.enabled }}
 # The maximum allowed duration by which sent events can be delayed, as
 # per MSC4140.
diff --git a/newsfragments/607.changed.md b/newsfragments/607.changed.md
@@ -0,0 +1,3 @@
+Default Synapse to requiring TLS 1.2 or later.
+
+This can be overridden in additional configuration.

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,3 @@`
	`1`	`+Default Synapse to requiring TLS 1.2 or later.`
	`2`	`+`
	`3`	`+This can be overridden in additional configuration.`