[Icecast] Secure Connection Failed

Ervin Bizjak ervin.bizjak at gmail.com
Sun Jan 7 19:00:10 UTC 2024


I have too problem with SSL. My radio work on http (8080) and https (8443).
Lately https is not working properly for me anymore. It worked fine for a
few years. In the morning I turn on the player on https, it works without
problems all day. If I turn it off and on again after a few hours, the
connection no longer works. The connection is established for 1 second and
disconnected. An icecast reset is required.
What is it?

I'm working on WIN 8, , Icecast 2.4.4., SSl = ZeroSSl, bound to IP, not
domain!

V V ned., 7. jan. 2024 ob 19:31 je oseba Petr Pisar <petr.pisar at atlas.cz>
napisala:

> V Sun, Jan 07, 2024 at 04:41:17PM +0000, John napsal(a):
> > I have installed Icecast and have it working. I'm now trying to make it
> work
> > with https. I've configured it as per instructions - at least, I believe
> > I have - and when it try to connect to it, I get an error page that says:
> >
> >
> > Secure Connection Failed
> >
> > An error occurred during a connection to www.<my domain>.com:8000. Cannot
> > communicate securely with peer: no common encryption algorithm(s).
> >
> > Error code: SSL_ERROR_NO_CYPHER_OVERLAP
> >
> The message says it: A list of encryption algorightms acceptable by the
> client
> and acceptable by the server has an empty intersection.
>
> What algorithms do they support dependends on their configuration and on
> a cryptographical libraries they use. You can try looking into their
> documentation and configuration. However, much easier will be probably
> running
> them in a more verbose mode to reveal algorithms advertized on the TLS
> level.
> Or capture the network packets and inspect them in a network analyzer,
> e.g. in
> Wireshark.
>
> As far as I know, icecast 2.4.4 hard codes a list of algorithms (search for
> CONFIG_DEFAULT_CIPHER_LIST in the sources). This is in general a bad idea
> as
> operating systems vendors and cryptographical library vendors usually know
> better what algorightms are suitable. Good software should not override the
> defaults. Once of the outcomes of overrides are interoperability issues you
> experience.
>
> -- Petr
> _______________________________________________
> Icecast mailing list
> Icecast at xiph.org
> http://lists.xiph.org/mailman/listinfo/icecast
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.xiph.org/pipermail/icecast/attachments/20240107/f6158c95/attachment.htm>


More information about the Icecast mailing list