Icecast with SSL enabled allows SSLv2 and several insecure ciphers by default, with no way to configure it to do othewise.

SSLv2 is generally considered insecure nowadays, as are a number of the default ciphers in openssl. Icecast wasn't specifying any ciphers to use, so it just got the default list.

The attached patch disables SSLv2 outright, and adds an optional configuration option called which you can use to override the cipher list, which has a sane default that provides a generally-accepted-secure set of ciphers.