@croulibri @Blort @yunohost this sounds weird. All Matrix calls are DTLS already thanks to WebRTC. It might be trying to force TURNS (i.e. tunnel all traffic over TLS/TCP), which is only intended as an emergency fallback for hostile networks by making the traffic look like HTTPS at the expense of quality.
@matrix @Blort @yunohost
Yes indeed, this option under the YunoHost server admin panel provides increased security by encrypting the TURN server connection through TLS/DTLS.
Maybe the wording is confusing.
See https://github.com/YunoHost-Apps/synapse_ynh/pull/222
@croulibri @Blort @yunohost right, but given the payload is *already* DTLS, this encryption is 'only' encrypting the TURN envelope - i.e. the TURN credentials (mxid + short-lived throwaway password) - at the expense of much worse quality. At least until TURN+DTLS is implemented in libwebrtc - e.g. https://issues.webrtc.org/issues/42228549. (It's a bit weird that that issue is stuck, given it would improve TURN security without most of the quality hit)