Icecast Server/known https restrictions

From XiphWiki
Revision as of 02:45, 19 May 2018 by Phschafft (talk | contribs) (Undo revision 16624 by MrZeus (talk); The table is not about libshout but libshout sadly the only listed client at this point.)
Jump to navigation Jump to search

This page lists known problems of latest released Icecast when operating with TLS enabled.

  • 'listenurl' in the internal XML status representation is not protocol aware and will always use 'http' + global hostname (default: "localhost") and port (default: first listen-socket).
  • Virtual playlist files don't work
  • Authentication helper doesn't work (needs verification)
  • Certificate reload is not implemented in 2.4.x. Icecast2 2.4.x needs to be restarted to reload the certificate. (supported in branch ph3-update-TLS.)

TLS Mode compatibility charts

The following tables list Icecast configuration settings (horizontal) versus client settings (vertical).

Note: While auto mode may connect using TLS, it will not establish a secure connection. auto_no_plain will ensure a secure connection.

Icecast2 2.4.x

libshout
0 1
disabled Yes No
auto Yes Yes
auto_no_plain No Yes
RFC2817 No No
RFC2818 No Yes

Icecast2 2.5.x (branch "master")

Note: for truth values the following keywords can be used in the configuration: 0, false, no, off, 1, true, yes, on

TLS not configured TLS configured
disabled auto, false disabled auto, false auto_no_plain rfc2817 rfc2818, true
libshout
disabled Yes Yes Yes Yes No No No
auto Yes Yes Yes Yes Yes Yes Yes
auto_no_plain No No No Yes Yes Yes Yes
RFC2817 No No No Yes Yes Yes No
RFC2818 No No No Yes Yes No Yes