From 92cc6b0383482200785f09d6e1531563eb50bb90 Mon Sep 17 00:00:00 2001
From: Andrew Morgan <andrew@amorgan.xyz>
Date: Mon, 8 Apr 2019 17:58:54 +0100
Subject: [PATCH] Heavier warning about disabling TLS verification

---
 synapse/config/tls.py | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/synapse/config/tls.py b/synapse/config/tls.py
index ea54bd0793..72dd5926f9 100644
--- a/synapse/config/tls.py
+++ b/synapse/config/tls.py
@@ -251,8 +251,9 @@ class TlsConfig(Config):
         # Skip federation certificate verification on the following whitelist
         # of domains.
         #
-        # This setting should only normally be used within a private network of
-        # homeservers.
+        # This setting should only be used in very specific cases, such as
+        # federation over Tor hidden services and similar. For private networks
+        # of homeservers, you likely want to use a private CA instead.
         #
         # Only effective if federation_verify_certicates is `true`.
         #