I discovered that the default configuration for streamlock certificate configuration doesn’t provide the best security model. I had to edit the /conf/Vhost.xml file as:
${com.wowza.wms.context.VHostConfigHome}/conf/[filename].streamlock.net.jks
[password]
JKS
TLS
SunX509
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_EMPTY_RENEGOTIATION_INFO_SCSV
SSLv2Hello,TLSv1.1,TLSv1.2