[Debian-rtc-admin] Bug#804411: enable TURN over TLS support
Daniel Pocock
daniel at pocock.pro
Sun Nov 8 08:33:42 GMT 2015
package: rtc.debian.org
severity: important
Currently, the TURN server only uses UDP.
For clients behind firewalls that block UDP, we need to enable the TLS
transport.
https://tools.ietf.org/html/rfc5766#section-2.1
https://tools.ietf.org/html/rfc7065
Need to verify browser support and potentially look at ways to warn
users if they are using an older browser version that only supports TURN
over UDP.
https://bugzilla.mozilla.org/show_bug.cgi?id=949703
https://code.google.com/p/webrtc/issues/detail?id=2865
Steps required:
a) create a DNS name (maybe turn.debian.org or turn-server.debian.org)
and also create the SRV and NAPTR records in DNS
b) open TCP port 5349 in the firewall
c) create a TLS certificate
d) update vogler.debian.org:/etc/reTurn/reTurnServer.config
TlsTurnPort = 5349
TlsServerCertificateFilename = /etc/ssl/ssl.crt/turn.debian.org.crt
TlsServerPrivateKeyFilename = /etc/ssl/private/turn.debian.org.key
TlsTempDhFilename = /etc/reTurn/dh2048.pem
e) update the config.js file in rtc.debian.org Git repository to include
the URI for TURN over TLS
For best results, this should be done over port 443 instead of 5349.
Then more HTTP proxies will be willing to relay these calls.
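As an added illustration of step (e), not code from the bug report or the rtc.debian.org repository: a small RFC 7065 TURN URI parser and the iceServers entry config.js would carry once TURN over TLS is enabled. The host name turn.debian.org, the port argument and the credential values are assumptions and placeholders.

```javascript
// Added example; not part of the bug report or the rtc.debian.org code.
// Parses TURN URIs (RFC 7065) and builds the RTCPeerConnection iceServers
// list so that clients behind UDP-blocking firewalls get a TLS relay.
// turn.debian.org is the host name suggested in step (a); the credentials
// are placeholders.

const DEFAULT_PORTS = { turn: 3478, turns: 5349 };

// Parse "turn(s):host[:port][?transport=udp|tcp]" (RFC 7065, section 3).
function parseTurnUri(uri) {
  const m = /^(turns?):([^:?]+)(?::(\d{1,5}))?(?:\?transport=(udp|tcp))?$/.exec(uri);
  if (!m) throw new Error(`not a valid TURN URI: ${uri}`);
  const scheme = m[1];
  const port = m[3] ? Number(m[3]) : DEFAULT_PORTS[scheme];
  // RFC 5766 defines TURN over TLS on top of TCP, so turns with udp is rejected.
  if (scheme === 'turns' && m[4] === 'udp') {
    throw new Error(`turns URI cannot use transport=udp: ${uri}`);
  }
  const transport = m[4] || (scheme === 'turns' ? 'tcp' : 'udp');
  return { scheme, host: m[2], port, transport, tls: scheme === 'turns' };
}

// Build the iceServers list, TURN over TLS first. tlsPort defaults to 5349
// (step b); pass 443 to follow the "best results" note above.
function buildIceServers(host, username, credential, tlsPort = 5349) {
  return [
    { urls: [`turns:${host}:${tlsPort}?transport=tcp`], username, credential },
    { urls: [`turn:${host}:3478?transport=udp`], username, credential },
  ];
}

// Return only the URIs that still work when UDP is blocked.
function urisUsableWithoutUdp(iceServers) {
  return iceServers
    .flatMap((s) => s.urls)
    .filter((u) => parseTurnUri(u).transport === 'tcp');
}

// What config.js would export; values are placeholders.
const iceServers = buildIceServers(
  'turn.debian.org', 'USERNAME_PLACEHOLDER', 'CREDENTIAL_PLACEHOLDER');
```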