Skip to content
GitLab
  • Menu
Projects Groups Snippets
  • Help
    • Help
    • Support
    • Community forum
    • Submit feedback
    • Contribute to GitLab
  • Sign in / Register
  • Icecast-Server Icecast-Server
  • Project information
    • Project information
    • Activity
    • Labels
    • Members
  • Repository
    • Repository
    • Files
    • Commits
    • Branches
    • Tags
    • Contributors
    • Graph
    • Compare
  • Issues 102
    • Issues 102
    • List
    • Boards
    • Service Desk
    • Milestones
  • Merge requests 5
    • Merge requests 5
  • CI/CD
    • CI/CD
    • Pipelines
    • Jobs
    • Schedules
  • Deployments
    • Deployments
    • Environments
    • Releases
  • Packages & Registries
    • Packages & Registries
    • Package Registry
    • Infrastructure Registry
  • Monitor
    • Monitor
    • Incidents
  • Analytics
    • Analytics
    • Value stream
    • CI/CD
    • Repository
  • External wiki
    • External wiki
  • Activity
  • Graph
  • Create a new issue
  • Jobs
  • Commits
  • Issue Boards
Collapse sidebar
  • Xiph.Org
  • Icecast-ServerIcecast-Server
  • Issues
  • #1718
Closed
Open
Created Aug 04, 2010 by Dave Miller@justdave

[patch] icecast supports SSLv2 and several non-secure ciphers

Icecast with SSL enabled allows SSLv2 and several insecure ciphers by default, with no way to configure it to do othewise.

SSLv2 is generally considered insecure nowadays, as are a number of the default ciphers in openssl. Icecast wasn't specifying any ciphers to use, so it just got the default list.

The attached patch disables SSLv2 outright, and adds an optional configuration option called which you can use to override the cipher list, which has a sane default that provides a generally-accepted-secure set of ciphers.

Assignee
Assign to
Time tracking