Avoid the use of deprecated TLS versions (e.g. 1.0 and 1.1) or weak cipher suites (e.g. RC4 or 3DES).
Test your TLS security using a third-party tool or running:
This information applies to both the Gateway (HTTPS/WSS) and the Media Server (TURNS).
Ensure Windows is updated with the latest official patches.
To disable weak cipher suites:
- Click Start → Edit Group Policy
- Browse to Local Computer Policy → Computer Configuration → Administrative Templates → Network → SSL Configuration Settings
- Double-click SSL Cipher Suite Order.
- Check Enabled.
To verify, open PowerShell and run:
You should see output that looks something like:
This information only applies to the Media Server (TURNS). TLS hardening is not yet available for the Gateway (HTTPS/WSS) on Linux, so it is still recommended to perform TLS termination in front of the Gateway using a load balancer or reverse proxy.
Ensure Linux is updated with the latest official patches.
Weak ciphers suites are disabled automatically.
The following ciphers are enabled by default: