<div dir="ltr"><div class="gmail_default" style="font-size:large">I have too problem with SSL. My radio work on http (8080) and https (8443). <br></div><div class="gmail_default" style="font-size:large">Lately https is not working properly for me anymore. It worked fine for a few years. In the morning I turn on the player on https, it works without problems all day. If I turn it off and on again after a few hours, the connection no longer works. The connection is established for 1 second and disconnected. An icecast reset is required.<br>What is it?<br><br>I'm working on WIN 8, , Icecast 2.4.4., SSl = ZeroSSl, bound to IP, not domain!</div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">V V ned., 7. jan. 2024 ob 19:31 je oseba Petr Pisar <<a href="mailto:petr.pisar@atlas.cz">petr.pisar@atlas.cz</a>> napisala:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">V Sun, Jan 07, 2024 at 04:41:17PM +0000, John napsal(a):<br>
> I have installed Icecast and have it working. I'm now trying to make it work<br>
> with https. I've configured it as per instructions - at least, I believe<br>
> I have - and when it try to connect to it, I get an error page that says:<br>
> <br>
> <br>
> Secure Connection Failed<br>
> <br>
> An error occurred during a connection to www.<my domain>.com:8000. Cannot<br>
> communicate securely with peer: no common encryption algorithm(s).<br>
> <br>
> Error code: SSL_ERROR_NO_CYPHER_OVERLAP<br>
><br>
The message says it: A list of encryption algorightms acceptable by the client<br>
and acceptable by the server has an empty intersection.<br>
<br>
What algorithms do they support dependends on their configuration and on<br>
a cryptographical libraries they use. You can try looking into their<br>
documentation and configuration. However, much easier will be probably running<br>
them in a more verbose mode to reveal algorithms advertized on the TLS level.<br>
Or capture the network packets and inspect them in a network analyzer, e.g. in<br>
Wireshark.<br>
<br>
As far as I know, icecast 2.4.4 hard codes a list of algorithms (search for<br>
CONFIG_DEFAULT_CIPHER_LIST in the sources). This is in general a bad idea as<br>
operating systems vendors and cryptographical library vendors usually know<br>
better what algorightms are suitable. Good software should not override the<br>
defaults. Once of the outcomes of overrides are interoperability issues you<br>
experience.<br>
<br>
-- Petr<br>
_______________________________________________<br>
Icecast mailing list<br>
<a href="mailto:Icecast@xiph.org" target="_blank">Icecast@xiph.org</a><br>
<a href="http://lists.xiph.org/mailman/listinfo/icecast" rel="noreferrer" target="_blank">http://lists.xiph.org/mailman/listinfo/icecast</a><br>
</blockquote></div>