diff --git a/synapse/config/tls.py b/synapse/config/tls.py
index 3fc6cf9a3f..162099dc5e 100644
--- a/synapse/config/tls.py
+++ b/synapse/config/tls.py
@@ -81,11 +81,8 @@ class TlsConfig(Config):
 "federation_certificate_verification_whitelist", [], )
- self.federation_certificate_verification_whitelist = None
- if len(federation_certificate_verification_whitelist) > 0:
- self.federation_certificate_verification_whitelist = {}
- # Store whitelisted domains in a hash for fast lookup
+ self.federation_certificate_verification_whitelist = {}
 for domain in federation_certificate_verification_whitelist:
 self.federation_certificate_verification_whitelist[domain] = True
diff --git a/synapse/crypto/context_factory.py b/synapse/crypto/context_factory.py
index 8a3fea043b..6fda5e677d 100644
--- a/synapse/crypto/context_factory.py
+++ b/synapse/crypto/context_factory.py
@@ -142,13 +142,12 @@ class ClientTLSOptionsFactory(object):
 # Use _makeContext so that we get a fresh OpenSSL CTX each time.
 # Check if certificate verification has been enabled
- if (self._config.federation_verify_certificates):
- # and if the host is whitelisted against it
- if (self._config.federation_certificate_verification_whitelist and
- host in self._config.federation_certificate_verification_whitelist):
- return ClientTLSOptionsNoVerify(host, self._options_noverify._makeContext())
+ should_verify = self._config.federation_verify_certificates
+ # Check if we've disabled certificate verification for this host
+ if should_verify and host in self._config.federation_certificate_verification_whitelist:
+ should_verify = False
+
+ if should_verify:
 return ClientTLSOptions(host, self._options_verify._makeContext())
-
- # Otherwise don't require verification
 return ClientTLSOptionsNoVerify(host, self._options_noverify._makeContext())
diff --git a/tests/utils.py b/tests/utils.py
index 054a48bb24..cb75514851 100644
--- a/tests/utils.py
+++ b/tests/utils.py
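Review bot: The new `self.federation_certificate_verification_whitelist = {}` line plus the kept `for domain ...: ...[domain] = True` loop build a dict whose values are never read, and the removed comment that explained the dict exists only for fast membership lookup goes with it; a set states the intent in one line, `self.federation_certificate_verification_whitelist = set(federation_certificate_verification_whitelist)`. That is safe only if every reader tests membership with `in`, which is the sole use visible in this diff (context_factory.py); other call sites would need to be checked before switching. Entries are also stored exactly as written in the config, so a host that differs from the configured name only in case or a trailing dot would not match the verification bypass; since this attribute turns certificate verification off for matching hosts, a short comment on the attribute saying that matching is exact would help operators. The enclosing method starts outside the hunk.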
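Review bot: The new `if should_verify and host in self._config.federation_certificate_verification_whitelist:` branch turns certificate verification off for a host without recording that it did so, so an operator auditing federation traffic cannot tell whether a connection used `ClientTLSOptionsNoVerify` because of the whitelist or because `federation_verify_certificates` is off globally. A log line where `should_verify` is set to `False`, e.g. `logger.debug("Certificate verification disabled for whitelisted host %s", host)` using the module logger if this file defines one, would make the bypass observable after the fact. The membership test also only matches when `host` has the same type and exact spelling as the configured entries; if any caller passes bytes here the bypass would silently never apply, which is worth confirming against the callers. The enclosing method starts outside the hunk.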
@@ -137,9 +137,6 @@ def default_config(name):
 config.email_enable_notifs = False
 config.block_non_admin_invites = False
 config.federation_domain_whitelist = None
- config.federation_certificate_verification_whitelist = None
- config.federation_custom_ca_list = None
- config.federation_verify_certificates = False
 config.federation_rc_reject_limit = 10
 config.federation_rc_sleep_limit = 10
 config.federation_rc_sleep_delay = 100