Make Coturn TLSv1/v1.1 configurable
Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/999
This commit is contained in:
parent
8ae0628c2f
commit
fcb9e9618a
14
CHANGELOG.md
14
CHANGELOG.md
|
@ -1,3 +1,17 @@
|
|||
# 2021-04-16
|
||||
|
||||
## Disabling TLSv1 and TLSv1.1 for Coturn
|
||||
|
||||
To improve security, we've [removed TLSv1 and TLSv1.1 support](https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/999) from our default [Coturn](https://github.com/coturn/coturn) configuration.
|
||||
|
||||
If you need to support old clients, you can re-enable both (or whichever one you need) with the following configuration:
|
||||
|
||||
```yaml
|
||||
matrix_coturn_tls_v1_enabled: true
|
||||
matrix_coturn_tls_v1_1_enabled: true
|
||||
```
|
||||
|
||||
|
||||
# 2021-04-05
|
||||
|
||||
## Automated local Postgres backup support
|
||||
|
|
|
@ -73,3 +73,6 @@ matrix_coturn_total_quota: null
|
|||
matrix_coturn_tls_enabled: false
|
||||
matrix_coturn_tls_cert_path: ~
|
||||
matrix_coturn_tls_key_path: ~
|
||||
|
||||
matrix_coturn_tls_v1_enabled: false
|
||||
matrix_coturn_tls_v1_1_enabled: false
|
||||
|
|
|
@ -16,8 +16,12 @@ no-cli
|
|||
{% if matrix_coturn_tls_enabled %}
|
||||
cert={{ matrix_coturn_tls_cert_path }}
|
||||
pkey={{ matrix_coturn_tls_key_path }}
|
||||
{% if not matrix_coturn_tls_v1_enabled %}
|
||||
no-tlsv1
|
||||
{% endif %}
|
||||
{% if not matrix_coturn_tls_v1_1_enabled %}
|
||||
no-tlsv1_1
|
||||
{% endif %}
|
||||
{% else %}
|
||||
no-tls
|
||||
no-dtls
|
||||
|
|
Loading…
Reference in a new issue