Actually coturn is a ‘smart’ software; if it sees certificates, it thinks that you are mistaken and ignores your no-tcp option.
no-tls doesn’t disable
Oooh I see. A bit too smart for its own good then, because it really confused me that adding or removing no-tcp seemed to have no effect at all! So I ended up mistakenly thinking it was somehow just tcp non ssl/tls or something. Sorry about that @drno
Interesting, so dtls is TLS by UDP. I actually didn’t know this protocol. Maybe I will do some additional tests later to see if it works with jitsi/prosody. But I wonder in practice if there are that many clients that have UDP 10000 blocked but have UDP 443 open.
I’m still a bit confused about the “solution” of removing the external-ip option to fix my issue with Firefox. After thinking about it, I wonder if last year I had to use external-ip because at that time my turn server was in AWS, but jvb was in another cloud provider. Now both are in AWS. In any case, I’m a bit confused why adding correct information (the public ip of my turn) to the config can have so much effect as perturbing Firefox somehow.
JVB port 10000 is using DTLS. AFAIK Prosody doesn’t use it at all, and JVB can be configured to use 443/TLS (but it’s not recommended).