Make Coturn TLSv1/v1.1 configurable
Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/999
parent
8ae0628c2f
commit
fcb9e9618a
14
CHANGELOG.md
|
@ -1,3 +1,17 @@
|
||||||
|
# 2021-04-16
|
||||||
|
|
||||||
|
## Disabling TLSv1 and TLSv1.1 for Coturn
|
||||||
|
|
||||||
|
To improve security, we've [removed TLSv1 and TLSv1.1 support](https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/999) from our default [Coturn](https://github.com/coturn/coturn) configuration.
|
||||||
|
|
||||||
|
If you need to support old clients, you can re-enable both (or whichever one you need) with the following configuration:
|
||||||
|
|
||||||
|
```yaml
|
||||||
|
matrix_coturn_tls_v1_enabled: true
|
||||||
|
matrix_coturn_tls_v1_1_enabled: true
|
||||||
|
```
|
||||||
|
|
||||||
|
|
||||||
# 2021-04-05
|
# 2021-04-05
|
||||||
|
|
||||||
## Automated local Postgres backup support
|
## Automated local Postgres backup support
|
||||||
|
|
|
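Review bot: The re-enable instructions under "Disabling TLSv1 and TLSv1.1 for Coturn" do not mention that both variables only take effect when `matrix_coturn_tls_enabled` is true; the template emits `no-tlsv1` and `no-tlsv1_1` only inside that branch. Suggest adding a sentence saying so. The YAML example also sets both variables to true, which is the weakest combination and the one readers will copy. Consider showing them as two separate one-line examples, so that someone who only needs TLSv1.1 does not turn TLSv1 back on as well.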
@ -73,3 +73,6 @@ matrix_coturn_total_quota: null
|
||||||
matrix_coturn_tls_enabled: false
|
matrix_coturn_tls_enabled: false
|
||||||
matrix_coturn_tls_cert_path: ~
|
matrix_coturn_tls_cert_path: ~
|
||||||
matrix_coturn_tls_key_path: ~
|
matrix_coturn_tls_key_path: ~
|
||||||
|
|
||||||
|
matrix_coturn_tls_v1_enabled: false
|
||||||
|
matrix_coturn_tls_v1_1_enabled: false
|
||||||
|
|
|
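Review bot: Missing documentation on the two new defaults, `matrix_coturn_tls_v1_enabled: false` and `matrix_coturn_tls_v1_1_enabled: false`, which are added with no comment. Suggest a short comment above them stating that they control whether Coturn accepts TLSv1 and TLSv1.1, that they are off by default for security reasons, and that they are ignored unless `matrix_coturn_tls_enabled` is true. The blank line separating them from `matrix_coturn_tls_key_path` is good; a comment would make the grouping self-explanatory.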
@ -16,8 +16,12 @@ no-cli
|
||||||
{% if matrix_coturn_tls_enabled %}
|
{% if matrix_coturn_tls_enabled %}
|
||||||
cert={{ matrix_coturn_tls_cert_path }}
|
cert={{ matrix_coturn_tls_cert_path }}
|
||||||
pkey={{ matrix_coturn_tls_key_path }}
|
pkey={{ matrix_coturn_tls_key_path }}
|
||||||
|
{% if not matrix_coturn_tls_v1_enabled %}
|
||||||
no-tlsv1
|
no-tlsv1
|
||||||
|
{% endif %}
|
||||||
|
{% if not matrix_coturn_tls_v1_1_enabled %}
|
||||||
no-tlsv1_1
|
no-tlsv1_1
|
||||||
|
{% endif %}
|
||||||
{% else %}
|
{% else %}
|
||||||
no-tls
|
no-tls
|
||||||
no-dtls
|
no-dtls
|
||||||
|
|
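Review bot: The new guards `{% if not matrix_coturn_tls_v1_enabled %}` and `{% if not matrix_coturn_tls_v1_1_enabled %}` rely on Jinja truthiness, so a value that arrives as a non-empty string (for example `false` passed as a key=value extra var) evaluates as true and silently drops the `no-tlsv1` / `no-tlsv1_1` line. Since the failure direction here is re-enabling a legacy protocol, suggest casting explicitly, e.g. `{% if not matrix_coturn_tls_v1_enabled | bool %}`, on both conditions. The existing `{% if matrix_coturn_tls_enabled %}` has the same pattern, but there a string value fails toward TLS being on rather than toward a weaker protocol set.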