Jitsi Docker TURN transport=tcp should be udp

In the prosody config file in docker-jitsi-meet the transport for the TURN server is set to TCP. This forces clients in one-on-one calls to establish TCP connections to the TURN server and only relay internally between turn-server ports using UDP.

ClientA → TCP → TURN → UDP between ports → TURN → TCP → ClientB

Wouldn’t UDP be a better default here:

No, why would you need a turn server for udp when you can use udp to directly communicate with jvb?

From my understanding (which of course could be wrong) one-on-one calls are end-to-end encrypted in both the direct p2p case and turn relay (without jvb) case but not when both parties are using the JVB.

Also this jitsi-videobridge/sfu.md at master · jitsi/jitsi-videobridge · GitHub states that calls going through the JVB are less efficient since the JVB needs to decrypt the stream before forwarding to the other peer.

I understand that for calls with >2 participants the Turn udp case is not relevant.

Also the meet.jit.si public instance seems to return ice server candidates with no transport specified (meaning udp).

Yes, but without comparing fingerprints, which we don’t provide any UI to do, how would you verify there is no MITM?

That is correct, but it’s not the end of the world.


Yeah we do. I agree it would be good to support TURN UDP for the P2P case. Would you like to send a PR?

I created a pull request: Change TURN transport from TCP to UDP by adamsko · Pull Request #1449 · jitsi/docker-jitsi-meet · GitHub
It only changes TCP to UDP but could of course be extended to make it configurable if that is preferred.
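
As an added illustration of the point made earlier in the thread, that an ICE server entry with no transport parameter means UDP (this is not code from the thread or from docker-jitsi-meet), the following JavaScript parses TURN URIs per RFC 7065 and reports which transport the client-to-TURN leg uses. The host names and sample server lists are constructed.

```javascript
// Added example: classify the client-to-TURN leg of each ICE server URL.
// Host names and the sample lists are constructed for illustration.
const DEFAULT_PORT = { turn: 3478, turns: 5349 };

// RFC 7065: turnURI = scheme ":" host [ ":" port ] [ "?transport=" transport ]
const TURN_URI = /^(turns?):(\[[0-9a-f:.]+\]|[^:?\[\]\s]+)(?::(\d{1,5}))?(?:\?transport=([a-z0-9]+))?$/i;

function parseTurnUri(uri) {
  const m = TURN_URI.exec(uri);
  if (!m) throw new Error(`not a TURN URI: ${uri}`);
  const scheme = m[1].toLowerCase();
  const secure = scheme === 'turns';
  // Without ?transport=, turn: means UDP and turns: means TLS over TCP.
  const transport = (m[4] || (secure ? 'tcp' : 'udp')).toLowerCase();
  if (transport !== 'udp' && transport !== 'tcp') {
    throw new Error(`unsupported transport: ${transport}`);
  }
  const port = m[3] ? Number(m[3]) : DEFAULT_PORT[scheme];
  if (port < 1 || port > 65535) throw new Error(`bad port in ${uri}`);
  return { host: m[2], port, secure, transport, explicit: m[4] !== undefined };
}

// Accepts RTCIceServer-style objects ({ urls: string | string[] }).
function turnLegs(iceServers) {
  return iceServers
    .flatMap((s) => [].concat(s.urls))
    .filter((u) => /^turns?:/i.test(u)) // ignore stun: entries
    .map((u) => {
      const t = parseTurnUri(u);
      // turns: over UDP is DTLS (RFC 7350); turns: over TCP is TLS.
      const wrap = t.secure ? (t.transport === 'udp' ? 'DTLS/' : 'TLS/') : '';
      return { url: u, leg: wrap + t.transport.toUpperCase(), explicit: t.explicit };
    });
}

// True when every TURN entry forces the client onto TCP, as in the thread.
function relayIsTcpOnly(iceServers) {
  const legs = turnLegs(iceServers);
  return legs.length > 0 && legs.every((l) => l.leg.endsWith('TCP'));
}

// Constructed samples: explicit TCP vs. no transport parameter.
const tcpConfig = [{ urls: 'turn:turn.example.org:3478?transport=tcp' }];
const bareConfig = [{ urls: ['stun:turn.example.org:3478', 'turn:turn.example.org'] }];

console.log(turnLegs(tcpConfig), relayIsTcpOnly(tcpConfig));
console.log(turnLegs(bareConfig), relayIsTcpOnly(bareConfig));
```

Running `turnLegs` over the `iceServers` list a client actually receives shows whether the relay path is TCP-only before any call is placed.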