Wowza Community

SSL setting on

We are using Wowza Streaming Engine 4 Perpetual Edition 4.2.0 build 15089

We implemented SSL over port 443 on the streaming. Recently we had a scan and spotted the following issues:

  • SSLv3 is enabled which is vulnerable to POODLE attack (CVE-2014-3566).
  • Web servers adopt weak Diffie-Hellman (DH) parameters in cipher suites.
  • Support client-initiated renegotiation.
  • SHA1 with RSA is used in the certificate.
  • A weak cipher suite (RC4) is enabled.

The resolution is:

  1. Disable SSLv3.
  2. Generate and apply strong 2048-bit DH parameters (See https://weakdh.org/sysadmin.html for details).
  3. Disable client-initiated renegotiation on the server.
  4. Adopt a server certificate using SHA-256 with RSA.
  5. Disable all weak cipher suites.

My questions are:

A). For #1, how do we disable SSLv3 in the Wowza config?

B). For #2 and #4, we understand that it’s a problem with our certificate. Does Wowza support certificates using 2048-bit DH parameters & SHA-256 with RSA?

C). For #5, how do we enable / disable certain ciphers over SSL in Wowza?

D). For #3, it seems it’s some setting in the SSL protocol. How can we disable it with Wowza?

Thank you for your reply.

Regards,

Billy
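
The five resolution items in the post can be turned into a repeatable re-scan check. The following is an added example, not part of the original post and not Wowza code. The `report` dictionary layout, the sample values, and every weak-suite token other than RC4 are assumptions made for illustration.

```python
# Name fragments treated as weak. The post names only RC4; the rest are assumptions.
WEAK_TOKENS = ("RC4", "NULL", "EXPORT", "anon", "_DES_")
MIN_DH_BITS = 2048  # item 2 in the post


def audit(report):
    """Return {resolution item number: reason} for each item still open."""
    open_items = {}
    suites = report["cipher_suites"]
    if "SSLv3" in report["protocols"]:
        open_items[1] = "SSLv3 offered (POODLE, CVE-2014-3566)"
    # Finite-field DH suites only; ECDHE names do not contain "_DHE_" or "_DH_".
    dh_suites = [s for s in suites if "_DHE_" in s or "_DH_" in s]
    if dh_suites and report["dh_bits"] < MIN_DH_BITS:
        open_items[2] = f"{report['dh_bits']}-bit DH used by {len(dh_suites)} suite(s)"
    if report["client_renegotiation"]:
        open_items[3] = "client-initiated renegotiation accepted"
    sig = report["cert_signature"].lower().replace("-", "")
    if sig.startswith(("sha1", "md5")):
        open_items[4] = f"certificate signed with {report['cert_signature']}"
    weak = [s for s in suites if any(t in s for t in WEAK_TOKENS)]
    if weak:
        open_items[5] = "weak suites: " + ", ".join(weak)
    return open_items


# Constructed scan summaries (not real scanner output): before and after the fixes.
BEFORE = {
    "protocols": ["SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2"],
    "cipher_suites": ["SSL_RSA_WITH_RC4_128_SHA", "TLS_DHE_RSA_WITH_AES_128_CBC_SHA",
                      "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"],
    "dh_bits": 1024,
    "client_renegotiation": True,
    "cert_signature": "SHA1withRSA",
}
AFTER = {
    "protocols": ["TLSv1.2"],
    "cipher_suites": ["TLS_DHE_RSA_WITH_AES_128_CBC_SHA",
                      "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"],
    "dh_bits": 2048,
    "client_renegotiation": False,
    "cert_signature": "SHA256withRSA",
}

if __name__ == "__main__":
    for name, rep in (("before", BEFORE), ("after", AFTER)):
        print(name, audit(rep) or "all five items closed")
```

The item numbers in the returned dictionary match the numbered resolution list in the post, so an empty result means all five scan findings are closed.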