I've been investigating adding SSL support to the community firmware and have built two versions of openvpn for the touch using mbedtls and openssl.
Unfortunately, mbedtls doesn't support many ciphers or digests, nor TLS 1.3. Which is too bad as it's much lighter than openssl. I had already built openvpn with it before I realized those limitations. The touch can handle moderate traffic with openvpn-openssl without taxing the CPU. Here's a few top snapshots playing a 16bit, 44.1Khz ALAC files over a remote DSL connection. I choose ALAC instead of FLAC since jive uses more CPU decoding ALAC. I didn't try any higher resolution files. ALAC Track start. Code: -------------------- PID PPID USER STAT VSZ %MEM %CPU COMMAND 12253 1 root R 5660 4% 25% /media/sda1/openvpn-openssl --config /media/sda1/touch.ovpn --daemon 16819 1 root S 28968 23% 17% /usr/bin/jive 16828 16819 root S 8528 7% 4% jive_alsa -v -d default -c default -b 20000 -p 2 -s 24 -f 1 16827 16819 root S 8608 7% 3% jive_alsa -v -d plughw:2,0 -b 20000 -p 2 -s 16 -f 2 -------------------- Plackback after 1 minute. Code: -------------------- PID PPID USER STAT VSZ %MEM %CPU COMMAND 12253 1 root S 5660 4% 6% /media/sda1/openvpn-openssl --config /media/sda1/touch.ovpn --daemon 16819 1 root R 29100 23% 14% /usr/bin/jive 16828 16819 root S 8528 7% 3% jive_alsa -v -d default -c default -b 20000 -p 2 -s 24 -f 1 16827 16819 root S 8608 7% 4% jive_alsa -v -d plughw:2,0 -b 20000 -p 2 -s 16 -f 2 -------------------- Playback after 3 minutes. Code: -------------------- PID PPID USER STAT VSZ %MEM %CPU COMMAND 12253 1 root R 5660 4% 9% /media/sda1/openvpn-openssl --config /media/sda1/touch.ovpn --daemon 16819 1 root S 29100 23% 20% /usr/bin/jive 16828 16819 root S 8528 7% 4% jive_alsa -v -d default -c default -b 20000 -p 2 -s 24 -f 1 16827 16819 root S 8608 7% 4% jive_alsa -v -d plughw:2,0 -b 20000 -p 2 -s 16 -f 2 -------------------- ALAC 8 seconds before Next Track start. Code: -------------------- PID PPID USER STAT VSZ %MEM %CPU COMMAND 12253 1 root R 5660 4% 30% /media/sda1/openvpn-openssl --config /media/sda1/touch.ovpn --daemon 16819 1 root S 29232 23% 20% /usr/bin/jive 16828 16819 root S 8528 7% 5% jive_alsa -v -d default -c default -b 20000 -p 2 -s 24 -f 1 16827 16819 root S 8608 7% 5% jive_alsa -v -d plughw:2,0 -b 20000 -p 2 -s 16 -f 2 -------------------- Both openvpn versions and the kernel tun.ko driver are 'available on sourceforge' (https://sourceforge.net/projects/lmsclients/files/squeezeos/). This is only for the Touch it won't run on the Radio. You need to load the tun kernel driver using *insmod tun.ko* before running openssl or add the commands to /etc/init.d/rcS.local if you wanted openvpn to start at boot. I've also been testing a version of squeezelite with SSL on the Touch and Radio to see if it's worth trying to add SSL support to the firmware and both devices have no problems playing direct https streams. Unfortunately, it's not straight forward to run squeezelite with squeezeplay. You need to change enableAudio=1 in Playback.lua and restart squeezeplay before squeezelite with run. Additionally on the Radio you have to modify several lua files to stop the automatic powering off the amp when the idle timer triggers. One neat feature using squeezelite on the touch is you can run separate instances on the RCA and SPDIF jacks for 2 zones and you can use Choose Player to control either one. Ralphy *1*-Touch, *5*-Classics, *3*-Booms, *2*-UE Radio 'Squeezebox client builds' (https://sourceforge.net/projects/lmsclients/files/) 'donations' (https://www.paypal.com/cgi-bin/webscr?cmd=_donations&business=LL5P6365KQEXN&lc=CA&item_name=Squeezebox%20client%20builds¤cy_code=USD&bn=PP%2dDonationsBF%3abtn_donate_SM%2egif%3aNonHosted) always appreciated. ------------------------------------------------------------------------ ralphy's Profile: http://forums.slimdevices.com/member.php?userid=3484 View this thread: http://forums.slimdevices.com/showthread.php?t=114055 _______________________________________________ Squeezecenter mailing list Squeezecenter@lists.slimdevices.com http://lists.slimdevices.com/mailman/listinfo/squeezecenter