Wowza Community

Streamlock SSL configuration includes SSLv3 and TLS1.0 by default. Shouldn't it be updated?

I discovered that the default configuration for streamlock certificate configuration doesn’t provide the best security model. I had to edit the /conf/VHost.xml file as:

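<SSLConfig>
    <KeyStorePath>${com.wowza.wms.context.VHostConfigHome}/conf/[filename].streamlock.net.jks</KeyStorePath>
    <KeyStorePassword>[password]</KeyStorePassword>
    <KeyStoreType>JKS</KeyStoreType>
    <SSLProtocol>TLS</SSLProtocol>
    <Algorithm>SunX509</Algorithm>
    <CipherSuites>TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_EMPTY_RENEGOTIATION_INFO_SCSV</CipherSuites>
    <Protocols>SSLv2Hello,TLSv1.1,TLSv1.2</Protocols>
</SSLConfig>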

Hi Chip,

Thanks for sharing your findings.

The default SSL Protocols and Cipher Suites are provided by the installed version of Java JRE. By default Wowza Streaming Engine allows all SSL Protocols and Cipher suites that Java provides but that can be tweaked as you’ve done following the instructions in the article: https://www.wowza.com/docs/how-to-improve-ssl-configuration

Best regards,

Andrew
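
An added example, not part of the thread and not Wowza's own code: a small Python audit of the SSLConfig block in VHost.xml that reports empty Protocols or CipherSuites elements (where the JRE defaults apply, as described above) and flags legacy protocols and cipher suites. The sample XML is constructed from the values in the original post; the issue labels and the treatment of an empty KeyStorePath as "SSL not enabled" are assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed sample: one HostPort whose SSLConfig carries the values from the post.
SAMPLE_VHOST = """<Root><VHost><HostPortList><HostPort>
<Port>443</Port>
<SSLConfig>
<KeyStorePath>${com.wowza.wms.context.VHostConfigHome}/conf/[filename].streamlock.net.jks</KeyStorePath>
<KeyStorePassword>[password]</KeyStorePassword>
<KeyStoreType>JKS</KeyStoreType>
<SSLProtocol>TLS</SSLProtocol>
<Algorithm>SunX509</Algorithm>
<CipherSuites>TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_EMPTY_RENEGOTIATION_INFO_SCSV</CipherSuites>
<Protocols>SSLv2Hello,TLSv1.1,TLSv1.2</Protocols>
</SSLConfig>
</HostPort></HostPortList></VHost></Root>"""

# JSSE protocol names older than TLS 1.2 (SSLv2Hello is the compatibility hello format).
LEGACY_PROTOCOLS = {"SSLv2Hello", "SSLv3", "TLSv1", "TLSv1.1"}
# Substrings of JSSE suite names: no encryption, no authentication or a broken primitive.
WEAK_MARKERS = ("_NULL_", "_anon_", "_EXPORT_", "_RC4_", "_DES_", "_3DES_")

def split_list(text):
    return [item.strip() for item in (text or "").split(",") if item.strip()]

def audit_ssl_config(xml_text):
    """Return (port, issue, value) tuples for every SSL-enabled HostPort."""
    findings = []
    for host_port in ET.fromstring(xml_text).iter("HostPort"):
        ssl = host_port.find("SSLConfig")
        # Assumption: an empty KeyStorePath means SSL is not enabled on this port.
        if ssl is None or not (ssl.findtext("KeyStorePath") or "").strip():
            continue
        port = (host_port.findtext("Port") or "?").strip()
        for tag in ("Protocols", "CipherSuites"):
            if not split_list(ssl.findtext(tag)):
                # Empty element: whatever the installed JRE enables is accepted.
                findings.append((port, "jre-default", tag))
        for proto in split_list(ssl.findtext("Protocols")):
            if proto in LEGACY_PROTOCOLS:
                findings.append((port, "legacy-protocol", proto))
        for suite in split_list(ssl.findtext("CipherSuites")):
            if suite.endswith("_SCSV"):
                continue  # signalling value, not a cipher suite
            if any(marker in suite for marker in WEAK_MARKERS):
                findings.append((port, "weak-cipher", suite))
            elif suite.startswith("TLS_RSA_WITH_"):
                findings.append((port, "no-forward-secrecy", suite))
    return findings

if __name__ == "__main__":
    for finding in audit_ssl_config(SAMPLE_VHOST):
        print(*finding)
```
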

Is there additional information available regarding the Stream Engine and the configuration of the JRE specifically to resolve this issue?