Make Coturn TLSv1/v1.1 configurable

Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/999
2021-04-16 09:29:32 +03:00 · 2021-04-16 09:29:32 +03:00 · fcb9e9618a
commit fcb9e9618a
parent 8ae0628c2f
3 changed files with 21 additions and 0 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -1,3 +1,17 @@
 # 2021-04-16
 ## Disabling TLSv1 and TLSv1.1 for Coturn
 To improve security, we've [removed TLSv1 and TLSv1.1 support](https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/999) from our default [Coturn](https://github.com/coturn/coturn) configuration.
 If you need to support old clients, you can re-enable both (or whichever one you need) with the following configuration:
 ```yaml
 matrix_coturn_tls_v1_enabled: true
 matrix_coturn_tls_v1_1_enabled: true
 ```
 # 2021-04-05
 ## Automated local Postgres backup support
--- a/roles/matrix-coturn/defaults/main.yml
+++ b/roles/matrix-coturn/defaults/main.yml
@ -73,3 +73,6 @@ matrix_coturn_total_quota: null
 matrix_coturn_tls_enabled: false
 matrix_coturn_tls_cert_path: ~
 matrix_coturn_tls_key_path: ~
 matrix_coturn_tls_v1_enabled: false
 matrix_coturn_tls_v1_1_enabled: false
--- a/roles/matrix-coturn/templates/turnserver.conf.j2
+++ b/roles/matrix-coturn/templates/turnserver.conf.j2
@ -16,8 +16,12 @@ no-cli
 {% if matrix_coturn_tls_enabled %}
 cert={{ matrix_coturn_tls_cert_path }}
 pkey={{ matrix_coturn_tls_key_path }}
 {% if not matrix_coturn_tls_v1_enabled %}
 no-tlsv1
 {% endif %}
 {% if not matrix_coturn_tls_v1_1_enabled %}
 no-tlsv1_1
 {% endif %}
 {% else %}
 no-tls
 no-dtls