richvdh
commented
5 years ago indeed. Do you happen to know if synapse correctly supports ECDSA ciphers on outbound federation connections?
Open plinss opened 5 years ago
richvdh
commented
5 years ago indeed. Do you happen to know if synapse correctly supports ECDSA ciphers on outbound federation connections?
plinss
commented
5 years ago Yes, I tested by turning off the RSA certificate for one of my servers and other servers were able to federate just fine
plinss
commented
5 years ago FWIW, if you need a server with both certificates to test against, feel free to use matrix.elemental.software
Some servers run both certificate types in parallel. If the server reports both RSA and ECDSA ciphers available, the tester should connect twice, once with only RSA ciphers enabled and once with only ECDSA ciphers enabled to retrieve and test both certificates.
Currently it only fetches a single certificate based on the first matching cipher.