Results 1 to 4 of 4

Thread: net::ERR_SSL_WEAK_SERVER_EPHEMERAL_DH_KEY

Hybrid View

Previous Post Previous Post   Next Post Next Post
  1. #1
    Join Date
    Nov 2015
    Posts
    3

    Default net::ERR_SSL_WEAK_SERVER_EPHEMERAL_DH_KEY

    Hi,

    I just upgraded from Wowza media Server to Wowza Streaming Engine and set up a streamlock protected application as mentioned in the documentation.
    But I can't stream rtmps to my flash player in Chrome. The error is :

    POST https://xxxxx.streamlock.net/open/1 net::ERR_SSL_WEAK_SERVER_EPHEMERAL_DH_KEY

    The rtmps stream works well in other browsers, although I got the same error when trying to read a smoothstream in Firefox : then, the error occurs when trying to download https://xxxxx.streamlock.net/crossdomain.xml. (this smoothstreaming works in IE...)

    I've read informations here : https://weakdh.org/ and here https://weakdh.org/sysadmin.html and I understand that I should, for example, disable "Export Cipher Suites". Some examples show how to do this in Apache Http Server, Tomcat, etc... But there's is nothing I can find about this problem and Wowza.

    Any help would be greatly appreciated!
    Thx a lot!
    Last edited by samzas; 11-04-2015 at 02:38 AM.

  2. #2

    Default

    Hi,

    This can be caused by a number of things. Are you now running Wowza Streaming Engine 4.3 with the included JRE (Java Runtime Environment)? If not, or if you are running your own Java VM then I'd suggest installing the latest version 8 JRE (or JDK if that is a requirement).

    You can explicitly state the size of the DH Key by adding the following VMOption in your [install-dir]/conf/Tune.xml file (restart Wowza once done).

    <VMOption>-Djdk.tls.ephemeralDHKeySize=2048</VMOption>
    If this does not resolve matters then you may need to generate a new StreamLock certificate, which you can do via the Wowza Portal, in the StreamLock tab.

    If this still does not resolve the matter, then I'd suggest enabling SSL debug and raising a support ticket. Please refer to this thread and include the information requested in the raising a ticket page.



    Paul

  3. #3
    Join Date
    Nov 2015
    Posts
    3

    Default

    Hi Paul!

    We were using an old version of Java. We use now the included JRE and it works like a charm!
    Thx a lot for your help!

    Sam

  4. #4

    Default

    Thanks for the update and solution.

    Best,

    Salvadore

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •