fix test suite failures in rawhide due to new crypto policy

0001-Use-TLSv1.2-for-fake-servers-in-tests.patch

@@ -0,0 +1,35 @@
+From 3e752ec4544dadfd7e3cc96d77b8a30bec36c49a Mon Sep 17 00:00:00 2001
+From: Dan Callaghan <djc@djc.id.au>
+Date: Sun, 30 Aug 2020 13:28:29 +1000
+Subject: [PATCH] Use TLSv1.2 for fake servers in tests
+
+Some Linux distros have begun disabling TLSv1.0 and TLSv1.1 by default
+for security reasons, for example in Fedora 33 onwards:
+
+https://fedoraproject.org/wiki/Changes/StrongCryptoSettings2
+
+Use TLSv1.2 for the fake TLS servers created in the test suite, to avoid
+failures due to OpenSSL disallowing TLSv1.0:
+
+    <twisted.python.failure.Failure OpenSSL.SSL.Error: [('SSL routines',
+    'ssl_choose_client_version', 'unsupported protocol')]>
+---
+ tests/http/__init__.py | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/tests/http/__init__.py b/tests/http/__init__.py
+index 2096ba3c9..7486d092b 100644
+--- a/tests/http/__init__.py
++++ b/tests/http/__init__.py
+@@ -145,7 +145,7 @@ def __init__(self, sanlist):
+         self._cert_file = create_test_cert_file(sanlist)
+ 
+     def serverConnectionForTLS(self, tlsProtocol):
+-        ctx = SSL.Context(SSL.TLSv1_METHOD)
++        ctx = SSL.Context(SSL.TLSv1_2_METHOD)
+         ctx.use_certificate_file(self._cert_file)
+         ctx.use_privatekey_file(get_test_key_file())
+         return Connection(ctx, None)
+-- 
+2.26.2
+

matrix-synapse.spec

@@ -14,6 +14,8 @@ URL:        https://github.com/matrix-org/%{srcname}
 Source0:    %{url}/archive/v%{version}%{rcx}/%{srcname}-%{version}%{rcx}.tar.gz
 Source1:    synapse.sysconfig
 Source2:    synapse.service
+# https://github.com/matrix-org/synapse/pull/8208
+Patch1:     0001-Use-TLSv1.2-for-fake-servers-in-tests.patch
 BuildArch:  noarch
 
 BuildRequires:  python3-devel