I would like to define the cipher suites like this in my VHost.xml:

<CipherSuites>TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,TLS_DHE_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_RSA_WITH_AES_256_CBC_SHA,TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,TLS_DHE_RSA_WITH_AES_256_CBC_SHA256</CipherSuites>
<Protocols>TLSv1,TLSv1.1,TLSv1.2</Protocols>

as described here https://github.com/ssllabs/research/wiki/SSL-and-TLS-Deployment-Best-Practices#23-use-secure-cipher-suites

Now, after applying this configuration, Wowza doesn’t even respond to https-requests anymore. How can I configure cipher suites in a best practice way?

Hello Thomas,

Thanks for posting this in the forum. I’d recommend having a look at this article describing best practices to optimise SSL configuration: https://www.wowza.com/docs/how-to-improve-ssl-configuration

In case any issues persist after reviewing the above, please feel free to open a support ticket (https://www.wowza.com/support/open-ticket) providing your server /conf and /logs folders and we’ll be glad to have a deeper look into it: https://www.wowza.com/docs/how-to-create-a-compressed-zip-file-in-windows-os-x-and-linux

Regards,

Alberto Cabaleiro

Wowza Support Engineer