X-Git-Url: https://git.sesse.net/?p=cubemap;a=blobdiff_plain;f=README;fp=README;h=5c9119e0297bdd1a703dc0061282a7753ad7be5f;hp=056f705b80cc4d9f481c18e273c4284af3dc46ec;hb=16a03b9858752fae9e81af261821a2a22855fde3;hpb=afa95dd1ddca5b46ebf45e5bdb6aa5f3dad25d48 diff --git a/README b/README index 056f705..5c9119e 100644 --- a/README +++ b/README @@ -18,12 +18,15 @@ A short list of features: has problems reflecting itself (in particular, FLV). - Multicast support, both for sending and receiving (supports only protocols that can go over UDP, e.g. MPEG-TS). Supports both ASM and SSM. + - TLS output support, through the TLSe library (requires libtomcrypt) + and the Linux kernel's kTLS (Linux 4.13 or newer). There are a few + limitations; see below. - IPv4 support. Yes, Cubemap even supports (some) legacy protocols. HOWTO: - sudo aptitude install libprotobuf-dev protobuf-compiler libsystemd-dev + sudo apt install libprotobuf-dev protobuf-compiler libsystemd-dev libtomcrypt-dev ./configure make -j4 @@ -46,6 +49,21 @@ are OK, and then exec() the new version, which deserializes everything and keeps going. +Notes on TLS support: + +Cubemap supports TLS on output, so that you can play video on TLS +web sites without issues with mixed content. TLS on input streams is +not (yet) supported. + +TLS requires kTLS, ie., Linux >= 4.13 with CONFIG_TLS enabled. Only cipher +suites supported by kTLS is supposed, ie., AES-128-GCM (if no such cipher +suite is available, the connection will be aborted). If the server is restarted +before the key exchange for a connection is completed, that connection will +not survive the restart, unlike all other connections. (This is a TLSe +limitation.) You can have different certificates on different ports (and +have separate ports for TLS and non-TLS), but SNI is not yet supported. + + Munin plugins: To activate these, symlink them into /etc/munin/plugins. If you don't put @@ -64,3 +82,5 @@ Legalese: Copyright 2013 Steinar H. Gunderson . Licensed under the GNU GPL, version 2. See the included COPYING file. + +See tlse/LICENSE for TLSe licensing.