TLSv1.3 support is added in coturn >4.6.2. Debian 12 bookworm ships coturn 4.6.1, which does not support TLSv1.3. The Docker image of coturn can be used to get the latest version, or coturn has to be compiled from source.
When compiling from source, OpenSSL 1.1.1 is needed for TLSv1.3 support.
To compile the latest version of coturn on Debian, follow these instructions:
apt-get install pkg-config build-essential libssl-dev libevent-dev libsystemd-dev -y
cd /usr/src
wget https://github.com/coturn/coturn/archive/refs/tags/4.6.2.tar.gz
tar -zxvf 4.6.2.tar.gz
cd coturn-4.6.2
./configure --prefix=/usr --confdir=/etc
make
make install
cp ./examples/etc/coturn.service /etc/systemd/system/
mv /etc/turnserver.conf.default /etc/turnserver.conf
systemctl daemon-reload
# create the service account first: the chown below fails if the user does not exist yet
useradd turnserver -s /bin/false
chown turnserver:turnserver /var/run/turnserver.pid
systemctl enable coturn --now
service coturn status
Now, in the log file you should see:
INFO: TLS 1.3 supported
Jitsi provides a sample turnserver.conf file to use for media streaming and TURNS. The syntax file can be found here.
The following configuration can be added to the /etc/turnserver.conf file to disable older versions of SSL/TLS, including TLSv1.2, and so enforce TLSv1.3-only connections:
no-sslv3
no-tlsv1
no-tlsv1_1
no-tlsv1_2
A static TURN user and password can be defined with the following config:
lt-cred-mech
user=TURNUSER:TURNPASSWORD
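As an added example (not part of the original post), the script below audits a turnserver.conf for the two settings above: it reports the lowest protocol version a client can still negotiate given the no-* flags, and flags user= lines that still carry the TURNUSER:TURNPASSWORD placeholder or lack lt-cred-mech. It assumes the usual coturn syntax of bare flags and key=value lines, and simplifies by treating '#' anywhere on a line as the start of a comment; SAMPLE_CONF is a constructed input.

```python
# Added example (not from the original post): audit a coturn turnserver.conf
# for the TLS-version and static-credential settings described above.
from typing import Dict, List, Set, Tuple

# Per-version disable flags accepted by coturn, oldest protocol first.
DISABLE_FLAGS = ["no-sslv3", "no-tlsv1", "no-tlsv1_1", "no-tlsv1_2"]
VERSION_NAMES = ["SSLv3", "TLSv1.0", "TLSv1.1", "TLSv1.2"]

# Constructed sample: no-tlsv1_2 left out on purpose, placeholder credentials kept.
SAMPLE_CONF = "no-sslv3\nno-tlsv1\nno-tlsv1_1\nlt-cred-mech\nuser=TURNUSER:TURNPASSWORD\n"

def parse_turnserver_conf(text: str) -> Tuple[Set[str], Dict[str, List[str]]]:
    """Split the file into bare flags and key=value settings (keys may repeat).
    Simplification: '#' anywhere starts a comment; blank lines are ignored."""
    flags: Set[str] = set()
    values: Dict[str, List[str]] = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        if "=" in line:
            key, value = line.split("=", 1)
            values.setdefault(key.strip(), []).append(value.strip())
        else:
            flags.add(line)
    return flags, values

def min_tls_version(flags: Set[str]) -> str:
    """Lowest protocol version a client can still negotiate given the no-* flags."""
    for flag, name in zip(DISABLE_FLAGS, VERSION_NAMES):
        if flag not in flags:
            return name
    return "TLSv1.3"

def audit(text: str) -> List[str]:
    """Return findings; an empty list means TLSv1.3-only with usable static creds."""
    flags, values = parse_turnserver_conf(text)
    findings: List[str] = []
    lowest = min_tls_version(flags)
    if lowest != "TLSv1.3":
        missing = " ".join(f for f in DISABLE_FLAGS if f not in flags)
        findings.append(f"{lowest} still negotiable; add: {missing}")
    users = values.get("user", [])
    if users and "lt-cred-mech" not in flags:
        findings.append("user= lines present but lt-cred-mech is not enabled")
    for cred in users:
        # user=name:password; an empty or placeholder password is flagged
        if cred.partition(":")[2] in ("", "TURNPASSWORD"):
            findings.append(f"placeholder or empty password in user={cred}")
    return findings
```

Run audit() on the real /etc/turnserver.conf contents after editing; an empty result means only TLSv1.3 is negotiable and the static credentials are no longer the placeholder.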