Ingest and publish an SRT stream with Wowza Streaming Engine

Updated on 06/08/2026 8:04 am PDT


With Wowza Streaming Engine™ 4.7.3 and later, you can ingest MPEG-TS packaged Secure Reliable Transport (SRT) streams and distribute those streams to viewers using stream targets. Wowza Streaming Engine supports SRT version 1.5.0 and later.

This article describes configuring Wowza Streaming Engine to ingest and publish SRT streams using two different methods — one using listener mode and the other using the legacy MediaCaster workflow.

We recommend listener mode for its simplified configuration and more efficient network setup. SRT listener mode eliminates the need to create a separate .stream file for each SRT stream, and it doesn't require opening multiple UDP ports in your firewall settings to connect your SRT listener streams.

The legacy SRT MediaCaster workflow that utilizes .stream files may be a better fit for more complex scenarios, such as when enabling multiple alternative tracks over SRT.

Notes:
  • Wowza Streaming Engine 4.7.2 only supports ingesting SRT content.
  • Linux or Windows installations of Wowza Streaming Engine are required for all SRT workflows.

Before you start

Before you start working with this feature, create a live application in Wowza Streaming Engine.

If you're installing a new instance of Wowza Streaming Engine 4.8.0 or later on Windows, you may need to install additional dependencies to ingest SRT MediaCaster streams or use the generic SRT stream targets destination to publish an SRT stream.

To address this, install the latest version of the Microsoft Visual C++ Redistributable for Visual Studio that is appropriate for your operating system. This is not an issue for pre-existing installations of Wowza Streaming Engine that are updated to Wowza Streaming Engine 4.8.0 or later.

Configure SRT listener mode

The SRT listener mode setup requires a one-time Server.xml, VHost.xml, and Application.xml configuration.

When using this mode, Wowza Streaming Engine waits for multiple incoming connections. SRT streams can be pushed directly to Wowza Streaming Engine without creating separate .stream files for each stream. Connections are served on the same SRT port, eliminating the need to open numerous UDP ports to accept your inbound listener streams.

1. Configure your Server.xml

First, follow these steps to update your Server.xml configuration file. For more, see the Wowza Streaming Engine Server.xml configuration reference.

  1. In your text editor, open the Server.xml configuration file located at [install-dir]/conf/Server.xml.
  2. In the Server.xml, inside the VHostListeners element, uncomment this <VHostListener> child element and <BaseClass>: 
<VHostListener>
  <BaseClass>com.wowza.wms.protocol.srtListener.SRTVHostListener</BaseClass>
</VHostListener>
  1. Save your Server.xml file. You need to restart your server, but you can do so in the next section, after configuring your VHost.xml.

2. Configure your VHost.xml

This section explains how to modify your VHost.xml configuration file to publish your SRT stream. For more, see the Wowza Streaming Engine VHost.xml configuration reference.

  1. In your text editor, open the VHost.xml configuration file located at [install-dir]/conf/VHost.xml.
  2. In the VHost.xml, inside the VHost element, add the following SRTListener properties. Replace placeholder values in brackets with your own. Add a global or default srtPassPhrase value. For information about each property, see the VHost SRTListener property reference. 
<SRTListener>
  <!-- Basic listener configuration -->
  <srtListenerLocalPort>[srt-listener-port]</srtListenerLocalPort>
  <srtListenerLocalIPAddress>[srt-listener-local-ip-address]</srtListenerLocalIPAddress>
  <srtListenerBacklog>100</srtListenerBacklog>

  <!-- Security settings -->
  <!-- To bypass encryption, omit srtPassPhrase and use none PublishMethod in the Application.xml -->
  <srtPassPhrase>[global-passphrase]</srtPassPhrase>

  <!-- Buffer and latency settings -->
  <srtReceiveBufferSize>12058624</srtReceiveBufferSize>
  <srtReceiveBufferSizeUDP>12288000</srtReceiveBufferSizeUDP>
  <srtLatency>400</srtLatency>

  <!-- Network and performance settings -->
  <srtMaximumSegmentSize>1500</srtMaximumSegmentSize>
  <srtFlightFlagSize>25600</srtFlightFlagSize>
  <srtMaximumBandwidth>-1</srtMaximumBandwidth>
  <srtInputBandwidth>25</srtInputBandwidth>
  <srtOverheadBandwidth>25</srtOverheadBandwidth>

  <!-- Reliability and packet handling -->
  <srtTooLatePacketDrop>true</srtTooLatePacketDrop>
  <srtSendNakReports>true</srtSendNakReports>
  <srtPacketLossTolerance>0</srtPacketLossTolerance>
  <srtTimestampBasedDeliveryMode>true</srtTimestampBasedDeliveryMode>

  <!-- Debugging and logging -->
  <srtTimesToPrintStats>0</srtTimesToPrintStats>
  <srtDebug>false</srtDebug>
</SRTListener>
  1. Save your VHost.xml and restart your server.

3. Configure your Application.xml

This section explains how to modify your Application.xml configuration file to encrypt your SRT stream. For more, see the Wowza Streaming Engine Application.xml configuration reference.

Global versus per-user passphrase encryption

You can use a global passphrase or per-user encryption for better security. The global passphrase is a single encryption key shared between the sender and authorized receivers. This method simplifies setup and is ideal for public or semi-private streams. With per-user encryption, you can assign a unique passphrase for each user to prevent unauthorized access. This prohibits one user from intercepting another user's stream. If a passphrase is compromised, only the affected user is impacted, not the entire system.

With these steps, you can add a global or per-user passphrase to publish and encrypt your SRT stream using SRT listener mode. The passphrase entered on the source and destination devices must match.

Toggle between the following tabs to select the best method for your use case.

Encrypt with a global passphrase

  1. In your text editor, open the Application.xml configuration file located at [install-dir]/conf/[application-name]/.
  2. In the Application.xml, inside the Application element, modify the SRTListener block.
  3. To enable SRT listener mode for your application and require a global passphrase, update the <Authentication> child element and set <PublishMethod> to none: 
<SRTListener>
  <Authentication>
    <!-- basic: Enable SRT listener mode for you application and require per-user passphrase -->
    <!-- none: Enable SRT listener mode for your application and use global passphrase -->
    <!-- block: Disable SRT listener mode for your application -->
    <!-- To bypass encryption, use none and don't specify an srtPassPhrase in the VHost.xml -->
    <PublishMethod>none</PublishMethod>
  </Authentication>
</SRTListener>
  1. Save your Application.xml file and restart the application.

Encrypt with a per-user passphrase

  1. In your text editor, open the Application.xml configuration file located at [install-dir]/conf/[application-name]/.
  2. In the Application.xml, inside the Application element, modify the SRTListener block.
  3. To enable SRT listener mode for your application and require a per-user passphrase, update the <Authentication> child element and set <PublishMethod> to basic: 
<SRTListener>
  <Authentication>
    <!-- basic: Enable SRT listener mode for your application and require per-user passphrase -->
    <!-- none: Enable SRT listener mode for your application and use global passphrase -->
    <!-- block: Disable SRT listener mode for your applicaton -->
    <!-- To bypass encryption, use none and omit srtPassPhrase in the VHost.xml -->
    <PublishMethod>basic</PublishMethod>
  </Authentication>
</SRTListener>
  1. Save your Application.xml file and restart the application.
  2. Add a Source User Name and Source Password by completing steps 1 through 4 in the Authenticate live sources section. Passwords are saved to the publish.password file.
Note: In this context, the Source Password serves as the passphrase to encrypt and decrypt SRT video streams when using SRT listener mode. It's part of the AES encryption feature built into the SRT protocol, ensuring only authorized receivers who know the passphrase can view the stream. SRT passphrases must be between 10 and 79 characters.


4. Manage settings for duplicate streams (optional)

In SRT listener mode, by default, you can publish a stream with a duplicate name matching an existing stream in your application. If the old stream has an SRT source, the new stream will replace it. Otherwise, the new stream will be rejected. You can modify this behavior by following these steps.

  1. Navigate to your application in Wowza Streaming Engine.
  2. Go to the Source Security page.
  3. Click Edit.
  4. Scroll to the Duplicate Stream Names section.
  5. Select the checkbox to reject a second stream with the same name.

5. Publish your stream

After configuring your Application.xml, you can set up a global passphrase, a per-user passphrase, or no encryption for publishing your SRT stream.

Note: To disable encryption, set PublishMethod to none in Application.xml and omit srtPassPhrase from VHost.xml.

Global passphrase

To publish a stream using a global passphrase, follow the steps below:

  1. Start a stream.
  2. Push the video stream to your WSE server. The example below uses FFmpeg with SRT. 
    
ffmpeg -re -i elephantsDream.mp4 \
  -c copy \
  -f mpegts \
  "srt://<srt-listener-public-ip-address>:<srt-listener-port>?passphrase=<global-passphrase>&pbkeylen=32&mode=caller&streamid=#!::m=publish,r=<application-name>/<application-instance>/<stream-name>"


    SRT URI Components
    Component Description Required
    srt-listener-public-ip-address The IP address of your SRT listener. Yes
    srt-listener-port The port number for your SRT connection. Must match the srtListenerLocalPort value in your VHost.xml file. Yes
    stream-name The name of the stream. Yes
    streamid Identifies the stream and operation mode (format: #!::m=publish,r=[path]) Yes
    application-name The name of your live app. Yes
    application-instance The instance name of your live app. *This field is not required if using the default application _definst_ instance. No*
    passphrase The global encryption passphrase. Must match the srtPassPhrase value in your VHost.xml file. If you're not using a passphrase, omit this parameter. No
    pbkeylen Password-based key length in bytes (optional, defaults to 0 for AES-128). Valid values: 0 (default, AES-128 not advertised), 16 (128-bit AES), 24 (192-bit AES), 32 (256-bit AES). See Haivision documentation. No

    Notes:
  3. In the Content panel of your WSE instance, click Incoming Streams. You will now see your stream listed as Active.

Per-user passphrase

To publish a stream using a per-user passphrase, follow the steps below:

  1. Start a stream.
  2. Push the video stream to your WSE server. The example below uses FFmpeg with SRT. 
    
ffmpeg -re -i elephantsDream.mp4 \
  -c copy \
  -f mpegts \
  "srt://<srt-listener-public-ip-address>:<srt-listener-port>?passphrase=<user-passphrase>&pbkeylen=32&mode=caller&streamid=#!::m=publish,u=<user-name>,r=<application-name>/<application-instance>/<stream-name>"


    SRT URI Components
    Parameter Description Required
    srt-listener-public-ip-address The IP address of your SRT listener. Yes
    srt-listener-port The port number for your SRT connection. Must match the srtListenerLocalPort value in your VHost.xml file. Yes
    user-name Must match the Source User Name you created for per-user passphrase encryption. Yes
    application-name The name of your live app. Yes
    stream-name The name of the stream. Yes
    streamid Identifies the stream and operation mode (format: #!::m=publish,u=[user-name],r=[path]) Yes
    application-instance The instance name of your live app. *This field is not required if using the default application _definst_ instance. No*
    passphrase The per-user encryption passphrase. Must match the Source Password you created for per-user passphrase encryption. If you're not using a passphrase, omit this parameter. No
    pbkeylen Password-based key length in bytes (optional, defaults to 0 for AES-128). Valid values: 0 (default, AES-128 not advertised), 16 (128-bit AES), 24 (192-bit AES), 32 (256-bit AES). See the Haivision documentation No

    Notes:
  3. In the Content panel of your WSE instance, click Incoming Streams. You will now see your stream listed as Active.


6. Test playback

To test playback of the SRT stream over the streaming protocols you enabled for Playback Types, go to our Wowza Test Player. If using the default application instance, you can play back an HLS stream with:

https://[server-ip-address]:1935/[application-name]/_definst_/[stream-name]/playlist.m3u8

7. Troubleshooting

When troubleshooting SRT listener mode, we recommend reviewing several log locations to help resolve issues. Toggle between each of the following tabs for additional details.

Wowza Streaming Engine logs

You can navigate to check the Error logs found on the  Server Logs Wowza Streaming Engine Server Logs tab.

For example, you may be publishing an SRT stream to your live application using the correct passphrase and/or username, but your Application.xml doesn't contain the correct PublishMethod to enable listener mode. You may see an error similar to:

ERROR: SRT Listener Mode authentication mode is blocked for [application-name]

For more information about these logs, see View log messages in Wowza Streaming Engine Manager.

STDERR OUTPUT logs

When you run Wowza Streaming Engine from your terminal, STDERR output logs can also help to troubleshoot your SRT listener implementation. These standard error logs typically include an error string defined by the SRT library.

Let's say you've added <PublishMethod>basic</PublishMethod> to your  Application.xml and your live application is expecting a per-user passphrase to encrypt your stream. However, when you send your SRT stream from your encoder to Wowza Streaming Engine, you include the username, but omit the user's passphrase. The stream is rejected, and the STDERR OUTPUT in your terminal may look similar to:

14:20:19.278000/T10108*E:SRT.cn: HS EXT: Agent declares encryption, but Peer does not - rejecting connection per enforced encryption.
14:20:19.279000/T10108!W:SRT.cn: @727214328:newConnection: connection rejected due to: INTERNAL REJECTION - ERROR:UNSECURE
14:20:19.279000/T10108!W:SRT.cn: processConnectRequest: rsp(REJECT): 1011 - Password required or unexpected

Encoder logs

When sending your stream to Wowza Streaming Engine, the encoder often contains logs to explain why the connection failed.

Let's say you're using a global passphrase to publish and encrypt your SRT stream. You publish the SRT stream to your live application in Wowza Streaming Engine using FFmpeg. However, you don't send a global passphrase. Instead, you send per-user credentials.

In this case, the application is expecting a global passphrase. The passphrase used by the caller doesn't match the passphrase on the listener, and the stream is rejected. The FFmpeg encoder displays a similar error:

REJECT reported from HS processing: Incorrect passphrase - not processing further
ERROR: BADSECRET


Configure SRT with MediaCaster (legacy)

This setup can be completed using Wowza Streaming Engine Manager. For this workflow, you must create a separate .stream file with a unique port for each SRT stream. You must also open numerous UDP ports to connect your SRT streams.

Video tutorial: Send an SRT stream to Wowza Streaming Engine

See how to send an SRT live stream from Wirecast to Wowza Streaming Engine and play the stream using HLS.

Note: This video tutorial only applies to SRT workflows that are configured using MediaCaster and .stream files.


1. Configure playback

Before connecting a live source and publishing a live stream, complete the following steps to configure playback support for your application.

  1. Click the Applications tab at the top of the page and then select your application in the contents panel.
  2. Click the Setup tab on your application's page and then click Edit.
  3. Under Playback Types, select any streaming protocols you need to support for playing streams sent to this application. The playback types enable transmuxing a source stream into MPEG-DASH, HLS, RTMP, and RTSP/RTP.
  4. Click Save.

  1. In the application's contents panel, click Playback Security, and then click Edit. For more information about Playback Security options, see Playback security options.
  2. Under Client restrictions, select No client restrictions to allow players to connect from any IP address.
  3. Click Save and then restart the application.

2. Connect to a source stream

Next, you must add and connect a stream file for your application, and then publish your stream to Wowza Streaming Engine.

Note: Only one SRT stream can be sent per port. You must create a separate .stream file with a unique port for each SRT stream.

  1. Sign in to Wowza Streaming Engine Manager as an Administrator. You must have administrator privileges to create stream files. For more information, see Manage credentials.
     
  2. In the Server contents panel, click Stream Files, and then click Add Stream File.


     
    Note: You can also access Stream Files from the contents panel of the selected application.
  3. In the Add Stream File modal, enter a name for the stream file and the URI of the source stream, and then click Add. Note that it is important to use the IP address of the server hosting the stream as the Stream URI.
     
    Note: The Stream URI is formatted srt://0.0.0.0:[port] for pull streams.

     
  4. (Optional) Specify per-stream settings. Per-stream settings override those in the application configuration for that stream and apply only to the types of streams identified by the configuration. For more information, see Specify per-stream settings in Wowza Streaming Engine .stream files.
  5. To start the stream, click the Connect icon to connect to the stream.

     
  6. In the Connect a Stream File modal, for Application Name, select the live application that will host the stream.

  1. For MediaCaster Type, select srt to pull a stream using a Secure Reliable Transport (SRT) connection.


  2. Click OK.
  3. Go to the Incoming Streams page for your application to see your stream in a  Waiting for Stream status.
  4. Start a stream and send it to your Wowza Streaming Engine server. For more about publishing live streams, see Connect a live source to Wowza Streaming Engine.

3. Verify the connection

To verify that Wowza Streaming Engine is receiving the published stream, complete the following steps in Wowza Streaming Engine Manager.

  1. Click Incoming Streams in the contents panel for your live application. You should see your stream listed with Active for the status.



  2. Click the stream name to see the uptime, network throughput, and other information about the published stream.


4. Test playback

To test playback of the SRT stream over the other streaming protocols you enabled for Playback Types, complete the following steps.

  1. In Wowza Streaming Engine Manager, in the contents panel for your application, click Stream Files.
  2. In the Stream Files list, click the name of your stream file.
  3. From your stream file's page, click Test Playback.
  4. Review and, if needed, edit the following information in the Test Playback window for your stream:
     
    • Server – The IP address or domain name of the server and the streaming port ([address]:[port]).

    Note: The stream name should include the .stream file extension.
  5. (Optional) In the Streaming URLs section, select Secure URL for the streaming protocol you want to use to test playback if you have configured SSL/TLS for streaming over https, rtmps, or rtsps.
  6. Click the Copy icon for the streaming protocol you want to use to test playback.
  7. Paste the playback URL into your player or a mobile browser depending on the protocol. Alternatively, you can use the Wowza Video Test Players webpage. For more information about playback URLs, see About playing Wowza Streaming Engine streams.

Next steps

More resources 

Was this article helpful?
Thank you for your feedback!
User Icon

Thank you for providing feedback to help us improve our documentation!

© 2007–2025 Wowza Media Systems, LLC. All rights reserved.   Security & Privacy PolicyLegalSystem Status