Make Coturn TLSv1/v1.1 configurable

Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/999
This commit is contained in:
Slavi Pantaleev 2021-04-16 09:29:32 +03:00
parent 8ae0628c2f
commit fcb9e9618a
3 changed files with 21 additions and 0 deletions

View file

@ -1,3 +1,17 @@
# 2021-04-16
## Disabling TLSv1 and TLSv1.1 for Coturn
To improve security, we've [removed TLSv1 and TLSv1.1 support](https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/999) from our default [Coturn](https://github.com/coturn/coturn) configuration.
If you need to support old clients, you can re-enable both (or whichever one you need) with the following configuration:
```yaml
matrix_coturn_tls_v1_enabled: true
matrix_coturn_tls_v1_1_enabled: true
```
# 2021-04-05 # 2021-04-05
## Automated local Postgres backup support ## Automated local Postgres backup support

View file

@ -73,3 +73,6 @@ matrix_coturn_total_quota: null
matrix_coturn_tls_enabled: false matrix_coturn_tls_enabled: false
matrix_coturn_tls_cert_path: ~ matrix_coturn_tls_cert_path: ~
matrix_coturn_tls_key_path: ~ matrix_coturn_tls_key_path: ~
matrix_coturn_tls_v1_enabled: false
matrix_coturn_tls_v1_1_enabled: false

View file

@ -16,8 +16,12 @@ no-cli
{% if matrix_coturn_tls_enabled %} {% if matrix_coturn_tls_enabled %}
cert={{ matrix_coturn_tls_cert_path }} cert={{ matrix_coturn_tls_cert_path }}
pkey={{ matrix_coturn_tls_key_path }} pkey={{ matrix_coturn_tls_key_path }}
{% if not matrix_coturn_tls_v1_enabled %}
no-tlsv1 no-tlsv1
{% endif %}
{% if not matrix_coturn_tls_v1_1_enabled %}
no-tlsv1_1 no-tlsv1_1
{% endif %}
{% else %} {% else %}
no-tls no-tls
no-dtls no-dtls