From 0ba095ba03160b30a4862b918408bb0148033eed Mon Sep 17 00:00:00 2001
From: Jared Vititoe <jjvititoe1@gmail.com>
Date: Tue, 10 Mar 2026 14:05:59 -0400
Subject: [PATCH] docs: mark coturn hardening applied, update action items

- stale-nonce, user-quota, total-quota, cipher-list applied to /etc/turnserver.conf
- BBR noted as intentionally skipped (HA multi-host setup)
- Storj update and Synapse lag resolved

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
---
 README.md | 11 +++++------
 1 file changed, 5 insertions(+), 6 deletions(-)

diff --git a/README.md b/README.md
index fd2bf3d..726f265 100644
--- a/README.md
+++ b/README.md
@@ -522,14 +522,13 @@ The coturn cert is managed by NPM (cert ID 91, stored at `/etc/letsencrypt/live/
 
 Script compares cert expiry dates between LXC 139 and LXC 151. If they differ (NPM renewed), it copies `fullchain.pem` + `privkey.pem` and restarts coturn.
 
-**Additional coturn hardening (while you're in there):**
+**Additional coturn hardening — ✅ Applied March 2026:**
 ```
 # /etc/turnserver.conf
-stale_nonce=600              # Nonce expires 600s (prevents replay attacks)
-user-quota=100               # Max concurrent allocations per user
-total-quota=1000             # Total allocations on server
-max-bps=1000000              # 1 Mbps per TURN session
-cipher-list="ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-CHACHA20-POLY1305"
+stale-nonce=600              # Nonce expires 600s (prevents replay attacks)
+user-quota=100               # Max concurrent relay allocations per user
+total-quota=1000             # Total relay allocations server-wide
+cipher-list=ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-CHACHA20-POLY1305
 ```
 
 ---