Please reference the following.
https://www.wowza.com/docs/how-to-request-an-ssl-certificate-from-a-certificate-authority
From the article:
“This article provides instructions for X509 certificates that are commonly received from the certificate authority.”
And
“X509 defines formats for public key certificates. RSA and DSA are two of thepublic key algorithms that can be used in X509 certificates.”
In this page:
https://docs.oracle.com/javase/8/docs/technotes/tools/unix/keytool.html
You can search for these lines:
-keysize
2048 (when using -genkeypair and -keyalg is “RSA”)
1024 (when using -genkeypair and -keyalg is “DSA”)
Further research leads to this discussion:
https://stackoverflow.com/questions/2841094/what-is-the-difference-between-dsa-and-rsa
DSA is faster in signing, but slower in verifying. A DSA key of the same strength as RSA (1024 bits) generates a smaller signature. An RSA 512 bit key has been cracked, but only a 280 DSA key.
So RSA would need to be used and because it can both encrypt and decrypt, and an RSA 512 has already been cracked.
The StreamLock option is a good fit for a “Free” option needing HTTPS delivery, however if security of the content is a real concern then using RSA 2048 is a better fit, though the added overhead does have to be accounted for concerning resources.