From 540416e32df79d0550610455b622202d08d5bcf1 Mon Sep 17 00:00:00 2001
From: sakkiii
Date: Thu, 15 Apr 2021 19:25:23 +0530
Subject: [PATCH] Disable support for TLS 1.0 and TLS 1.1

These old versions of TLS rely on MD5 and SHA-1, both now broken, and contain other flaws. TLS 1.0 is no longer PCI-DSS compliant and the TLS working group has adopted a document to deprecate TLS 1.0 and TLS 1.1.
---
 roles/matrix-coturn/templates/turnserver.conf.j2 | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/roles/matrix-coturn/templates/turnserver.conf.j2 b/roles/matrix-coturn/templates/turnserver.conf.j2
index 3fcf0b679..285320dc2 100644
--- a/roles/matrix-coturn/templates/turnserver.conf.j2
+++ b/roles/matrix-coturn/templates/turnserver.conf.j2
@@ -16,6 +16,8 @@ no-cli
 {% if matrix_coturn_tls_enabled %}
 cert={{ matrix_coturn_tls_cert_path }}
 pkey={{ matrix_coturn_tls_key_path }}
+no-tlsv1
+no-tlsv1_1
 {% else %}
 no-tls
 no-dtls
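Review bot: The two directives added inside the `matrix_coturn_tls_enabled` branch have no comment, and the hunk does not show whether they also restrict DTLS 1.0 on the DTLS listener; that should be confirmed against the documentation of the coturn version this role deploys. I would add `# Refuse TLS 1.0 and 1.1 (deprecated); clients must negotiate TLS 1.2 or newer.` directly above `no-tlsv1`. After rollout, a handshake attempt such as `openssl s_client -connect <host>:<tls-port> -tls1_1` should be refused, which confirms the server honoured the options rather than ignoring them. The template continues outside the hunk, so any cipher-list setting that would complement this change cannot be seen here.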