We are using Wowza Streaming Engine 4 Perpetual Edition 4.2.0 build 15089
We implemented SSL over port 443 on the streaming. Recently we have a scan and spotted the following issues:
- SSLv3 is enabled which is vulnerable to POODLE attack (CVE-2014-3566).
- Web servers adopt weak Diffie-Hellman (DH) parameters in cipher suites.
- Support client-initiated renegotiation.
- SHA1 with RSA is used in the certificate.
- A weak cipher suite (RC4) is enabled.
The resolution is:
- Disable SSLv3.
- Generate and apply strong 2048-bit DH parameters (Seehttps://weakdh.org/sysadmin.html for details).
- Disable client-initiated renegotiation on the server.
- Adopt a server certificate using SHA-256 with RSA.
- Disable all weak cipher suites.
My questions are:
A). For #1, how to disable SSLv3 in Wowza config?
B). For #2 and #4, we understand that it’s the problem on our certificate. Is Wowza support certificate using 2048-bit DH parameters & SHA-256 with RSA?
C) For #5, how to enable / disable certain cipher over the SSL in Wowza?
D) For #3, seems it’s some setting in the SSL protocol. How can we disable it with Wowza?
Thank you for your reply.