[Icecast] Icecast2 with SSL, includes error.log extract

Jordan Erickson jordan at coolmic.net
Fri Nov 27 22:22:37 UTC 2020 

Hey Steve,

I don't believe ices supports SSL, does it?


Cheers,
Jordan Erickson


On 11/27/20 2:17 PM, Steve Matzura wrote:
> After placing "<ssl>1</ssl>" in the listen-sockets stanza and the path 
> to my PEM-format certificate in the paths stanza, I restarted Icecast2. 
> In /usr/share/icecast2/log I got the following in error.log:
> 
> 
> [2020-11-27  22:00:07] INFO connection/get_ssl_certificate SSL 
> certificate found at /etc/ssl/2020/icecast.pem
> [2020-11-27  22:00:07] INFO connection/get_ssl_certificate SSL using 
> ciphers 
> ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-RSA-DES-CBC3-SHA:ECDHE-ECDSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA 
> 
> 
> I have absolutely no idea what any of this means, good or bad, but I do 
> know that after restarting Icecast, I couldn't restart ices and 
> therefore couldn't connect to the server. Apparently something is wrong 
> with my PEM certificate file, but I truly don't know what it could be. I 
> created it by concatenating my server's public key plus its certifying 
> authority (CA) key provided by the hosting company plus the server's 
> private key according to many articles and Web pages, not to mention 
> several helpful messages on this very list. After restarting Icecast, I 
> could not restart ices, which probably means I need something else in 
> the ices configuration about which I do not know, or my certificate PEM 
> file is bad. Any help on solving this would be greatly appreaciated. I 
> feel I'm very close, jut one detail away from getting it right.
> 
> 
> Thanks in advance.
> 
> _______________________________________________
> Icecast mailing list
> Icecast at xiph.org
> http://lists.xiph.org/mailman/listinfo/icecast

More information about the Icecast mailing list