Improve SSL performance with Java 9 for Wowza Streaming Engine

Unlike the algorithms used in earlier versions of Java, the default GCM algorithms in Java 9 do not use hardware acceleration. As a result, you may see a significant reduction in performance of the default algorithm configurations used in Wowza Streaming Engine™ media server software.

This article describes two ways to disable the newer, slower algorithms in Java 9, as well as an alternative: enabling Conscrypt, an open-source Java Security Provider that offers improved SSL performance.

Note: This article applies to Wowza Streaming Engine 4.7.8 through 4.8.17, which are built on Java 9. Later versions of Wowza Streaming Engine use Java 11 and do not have this issue.

Use a custom java.security file (recommended)


If you don't want to modify the default java.security file in the java_home location, you can create a custom java.security file that sets the jdk.tls.disabledAlgorithms property.

  1. Create a new java.security file in a location of your choosing.
  2. Set jdk.tls.disabledAlgorithms=GCM.
  3. Save your changes.
  4. Open the [wowza-install-dir]/conf/Tune.xml file in a text editor.
  5. In the <VMOptions> section, add <VMOption>-Djava.security.properties=[custom-java.security-path]/java.security</VMOption>, and save your changes.
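
A property set in a file loaded with -Djava.security.properties replaces the same-named property in [java_home]/conf/security/java.security instead of adding to it, so a custom file containing only jdk.tls.disabledAlgorithms=GCM discards the restrictions the JDK ships in that property. The Python script below is an added example, not Wowza's or the JDK's own code: it computes the effective value and builds an override line that keeps the existing entries and appends GCM. The sample file contents are constructed and the function names are hypothetical.

```python
PROP = "jdk.tls.disabledAlgorithms"

# Constructed sample contents; read the real master value from
# [java_home]/conf/security/java.security on the server being tuned.
MASTER_SAMPLE = """\
# constructed excerpt of a master java.security file
jdk.tls.disabledAlgorithms=SSLv3, RC4, MD5withRSA, \\
    DH keySize < 1024
"""
OVERRIDE_SAMPLE = "jdk.tls.disabledAlgorithms=GCM\n"

def parse_security_props(text):
    """Simplified java.security parser: comments, key=value, '\\' continuations."""
    props, pending = {}, ""
    for raw in text.splitlines():
        line = raw.strip()
        if not pending and (not line or line[0] in "#!"):
            continue
        if line.endswith("\\"):  # value continues on the next line
            pending += line[:-1]
            continue
        key, _, value = (pending + line).partition("=")
        props[key.strip()] = value.strip()
        pending = ""
    return props

def algorithms(text):
    """Entries of jdk.tls.disabledAlgorithms in one file, as a list."""
    value = parse_security_props(text).get(PROP, "")
    return [a.strip() for a in value.split(",") if a.strip()]

def effective_disabled(master_text, override_text):
    """Value the JVM ends up with: an entry in the override file wins outright."""
    if PROP in parse_security_props(override_text):
        return algorithms(override_text)
    return algorithms(master_text)

def dropped_restrictions(master_text, override_text):
    """Master-file restrictions that the override silently removes."""
    effective = effective_disabled(master_text, override_text)
    return [a for a in algorithms(master_text) if a not in effective]

def merged_override_line(master_text, extra=("GCM",)):
    """Override line that keeps the master's entries and appends the extras."""
    current = algorithms(master_text)
    return f"{PROP}=" + ", ".join(current + [a for a in extra if a not in current])

if __name__ == "__main__":
    print("dropped by GCM-only override:", dropped_restrictions(MASTER_SAMPLE, OVERRIDE_SAMPLE))
    print("override line to use instead:", merged_override_line(MASTER_SAMPLE))
```

Run it against the java.security file of the Java runtime that Wowza Streaming Engine actually starts with, since the shipped value of the property differs between Java updates.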

Update the java_home java.security file


Notes:

  • If you completed the steps in Use a custom java.security file (recommended), you've already disabled the algorithms. No further action is required.
  • With this method, you may have to reapply the changes if you update or reinstall Java.

You can also disable the slower GCM algorithms in Java 8 in the java_home version of the java.security file.

  1. Open [java_home]/conf/security/java.security in a text editor.
  2. Add the value GCM to the jdk.tls.disabledAlgorithms property.
  3. Save your changes.

Enable the Conscrypt provider


Conscrypt improves SSL performance and reduces CPU usage. When enabled, it replaces the built-in Java cryptography libraries. You do not need to disable the GCM algorithms if Conscrypt is enabled.

Note: Conscrypt is available in Wowza Streaming Engine 4.8.8.01 and later.

  1. Navigate to [install-dir]/conf/ and open Server.xml in a text editor.

     Note: You can also add custom properties with Wowza Streaming Engine Manager rather than editing the XML configuration manually. Add this property from the Server Setup page. See Add a custom property for more information.
  2. Add the following property to the <Server>/<Properties> container. Server.xml contains several <Properties> containers, so be sure to add the property to the correct one.
    <Property>
        <Name>insertConscryptCryptoProvider</Name>
        <Value>true</Value>
        <Type>Boolean</Type>
    </Property>
  3. Restart Wowza Streaming Engine to apply the changes.

Note: You can enable the sslLogConnectionInfo property to verify that Conscrypt is being used. For more information, see Improve SSL configuration for Wowza Streaming Engine.