Difference between revisions of "Icecast Server/known https restrictions"

From XiphWiki
Jump to navigation Jump to search
m (clarification / details on limitations)
(Branch ph3-update-TLS has been merged into master)
Line 33: Line 33:
 
|}
 
|}
  
=== Icecast2 2.5.x ===
+
=== Icecast2 2.5.x (branch "master") ===
 
Note: for truth values the following keywords can be used in the configuration: 0, false, no, off, 1, true, yes, on
 
Note: for truth values the following keywords can be used in the configuration: 0, false, no, off, 1, true, yes, on
  
{| class="wikitable"
 
!
 
! TLS not configured
 
! colspan="2" | TLS configured
 
|-
 
! !! false !! false !! true
 
|-
 
! colspan="4" | libshout
 
|-
 
! disabled
 
| Yes || Yes || No
 
|-
 
! auto
 
| Yes || Yes || Yes
 
|-
 
! auto_no_plain
 
| No || Yes || Yes
 
|-
 
! RFC2817
 
| No || Yes || Yes
 
|-
 
! RFC2818
 
| No || No || Yes
 
|}
 
 
=== Icecast2 2.5.x branch ph3-update-TLS ===
 
 
{| class="wikitable"
 
{| class="wikitable"
 
!
 
!

Revision as of 02:06, 3 November 2017

This page lists known problems of latest released Icecast when operating with TLS enabled.

  • 'listenurl' in the internal XML status representation is not protocol aware and will always use 'http' + global hostname (default: "localhost") and port (default: first listen-socket).
  • Virtual playlist files don't work
  • Authentication helper doesn't work (needs verification)
  • Certificate reload is not implemented in 2.4.x. Icecast2 2.4.x needs to be restarted to reload the certificate. (supported in branch ph3-update-TLS.)

TLS Mode compatibility charts

The following list Icecast configuration settings (horizontal) versus client settings (vertical). Note: While auto mode may connect using TLS it will not establish a secure connection. auto_no_plain will ensure a secure connection.

Icecast2 2.4.x

0 1
libshout
disabled Yes No
auto Yes Yes
auto_no_plain No Yes
RFC2817 No No
RFC2818 No Yes

Icecast2 2.5.x (branch "master")

Note: for truth values the following keywords can be used in the configuration: 0, false, no, off, 1, true, yes, on

TLS not configured TLS configured
disabled auto, false disabled auto, false auto_no_plain rfc2817 rfc2818, true
libshout
disabled Yes Yes Yes Yes No No No
auto Yes Yes Yes Yes Yes Yes Yes
auto_no_plain No No No Yes Yes Yes Yes
RFC2817 No No No Yes Yes Yes No
RFC2818 No No No Yes Yes No Yes