[Icecast] Secure Connection Failed

Petr Pisar petr.pisar at atlas.cz
Sun Jan 7 18:25:57 UTC 2024


V Sun, Jan 07, 2024 at 04:41:17PM +0000, John napsal(a):
> I have installed Icecast and have it working. I'm now trying to make it work
> with https. I've configured it as per instructions - at least, I believe
> I have - and when it try to connect to it, I get an error page that says:
> 
> 
> Secure Connection Failed
> 
> An error occurred during a connection to www.<my domain>.com:8000. Cannot
> communicate securely with peer: no common encryption algorithm(s).
> 
> Error code: SSL_ERROR_NO_CYPHER_OVERLAP
>
The message says it: A list of encryption algorightms acceptable by the client
and acceptable by the server has an empty intersection.

What algorithms do they support dependends on their configuration and on
a cryptographical libraries they use. You can try looking into their
documentation and configuration. However, much easier will be probably running
them in a more verbose mode to reveal algorithms advertized on the TLS level.
Or capture the network packets and inspect them in a network analyzer, e.g. in
Wireshark.

As far as I know, icecast 2.4.4 hard codes a list of algorithms (search for
CONFIG_DEFAULT_CIPHER_LIST in the sources). This is in general a bad idea as
operating systems vendors and cryptographical library vendors usually know
better what algorightms are suitable. Good software should not override the
defaults. Once of the outcomes of overrides are interoperability issues you
experience.

-- Petr
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://lists.xiph.org/pipermail/icecast/attachments/20240107/6c44fa92/attachment.sig>


More information about the Icecast mailing list