dtouch3d completely
2015-Jan-14 11:59 UTC
[Icecast] Source can't connect to Icecast with SSL enabled
No I haven't because I thought SSL would be only enabled for the listener auth, not source auth. So apparently if I want listener SSL the source must support SSL also ? That sounds kind of unnecessary and preferably should be an option. If this is not possible I guess stunnel is the only way to go. Thank you very much. On Wed, Jan 14, 2015 at 1:46 PM, "Thomas B. R?cker" <thomas at ruecker.fi> wrote:> On 01/14/2015 11:13 AM, dtouch3d completely wrote: >> Hello, >> >> I have liquidsoap streaming to icecast with url authentication and >> everything works as it should. However, I enabled SSL in icecast to >> enhance security and now the source doesn't connect. > <snip> > > Have you verified that the source supports SSL? I don't think there are > many that do. > If not you might need to wrap the source side of things into a "stunnel". > > Cheers > > Thomas > _______________________________________________ > Icecast mailing list > Icecast at xiph.org > http://lists.xiph.org/mailman/listinfo/icecast
"Thomas B. Rücker"
2015-Jan-14 12:32 UTC
[Icecast] Source can't connect to Icecast with SSL enabled
On 01/14/2015 11:59 AM, dtouch3d completely wrote:> No I haven't because I thought SSL would be only enabled for the > listener auth, not source auth.OK, then you should have two separate listener sockets. One for SSL and one without. Point the source client to the one without. Advertize the one with SSL to listeners. TBR> So apparently if I want listener SSL > the source must support SSL also ? That sounds kind of unnecessary and > preferably should be an option. If this is not possible I guess > stunnel is the only way to go. > > Thank you very much. > > On Wed, Jan 14, 2015 at 1:46 PM, "Thomas B. R?cker" <thomas at ruecker.fi> wrote: >> On 01/14/2015 11:13 AM, dtouch3d completely wrote: >>> Hello, >>> >>> I have liquidsoap streaming to icecast with url authentication and >>> everything works as it should. However, I enabled SSL in icecast to >>> enhance security and now the source doesn't connect. >> <snip> >> >> Have you verified that the source supports SSL? I don't think there are >> many that do. >> If not you might need to wrap the source side of things into a "stunnel". >> >> Cheers >> >> Thomas >> _______________________________________________ >> Icecast mailing list >> Icecast at xiph.org >> http://lists.xiph.org/mailman/listinfo/icecast > _______________________________________________ > Icecast mailing list > Icecast at xiph.org > http://lists.xiph.org/mailman/listinfo/icecast
Philipp Schafft
2015-Jan-15 09:00 UTC
[Icecast] Source can't connect to Icecast with SSL enabled
reflum, On Wed, 2015-01-14 at 12:32 +0000, "Thomas B. R?cker" wrote:> On 01/14/2015 11:59 AM, dtouch3d completely wrote: > > No I haven't because I thought SSL would be only enabled for the > > listener auth, not source auth. > > OK, then you should have two separate listener sockets. > One for SSL and one without. > Point the source client to the one without. > Advertize the one with SSL to listeners.Please note that this is a limitation of HTTP and how it works with TLS. Not a Icecast limitation. HTTP uses port separation for TLS/non-TLS unlike e.g. SMTP wich uses a STARTTLS command to upgrade to TLS on the fly if requested. -- Philipp. (Rah of PH2) -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 490 bytes Desc: This is a digitally signed message part Url : http://lists.xiph.org/pipermail/icecast/attachments/20150115/8470d55e/attachment.pgp