Make Coturn TLSv1/v1.1 configurable

Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/999

CHANGELOG.md

@@ -1,3 +1,17 @@
+# 2021-04-16
+
+## Disabling TLSv1 and TLSv1.1 for Coturn
+
+To improve security, we've [removed TLSv1 and TLSv1.1 support](https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/999) from our default [Coturn](https://github.com/coturn/coturn) configuration.
+
+If you need to support old clients, you can re-enable both (or whichever one you need) with the following configuration:
+
+```yaml
+matrix_coturn_tls_v1_enabled: true
+matrix_coturn_tls_v1_1_enabled: true
+```
+
+
 # 2021-04-05
 
 ## Automated local Postgres backup support

roles/matrix-coturn/defaults/main.yml

@@ -73,3 +73,6 @@ matrix_coturn_total_quota: null
 matrix_coturn_tls_enabled: false
 matrix_coturn_tls_cert_path: ~
 matrix_coturn_tls_key_path: ~
+
+matrix_coturn_tls_v1_enabled: false
+matrix_coturn_tls_v1_1_enabled: false

roles/matrix-coturn/templates/turnserver.conf.j2

@@ -16,8 +16,12 @@ no-cli
 {% if matrix_coturn_tls_enabled %}
 cert={{ matrix_coturn_tls_cert_path }}
 pkey={{ matrix_coturn_tls_key_path }}
+{% if not matrix_coturn_tls_v1_enabled %}
 no-tlsv1
+{% endif %}
+{% if not matrix_coturn_tls_v1_1_enabled %}
 no-tlsv1_1
+{% endif %}
 {% else %}
 no-tls
 no-dtls