Wowza SSL/TLS Security Settings

From IVS Wiki
  1. Connect to the server via SSH or access the shell via the console.
  2. Type in the following, and then press Enter:
    sudo nano /usr/local/WowzaStreamingEngine/conf/VHost.xml
  3. Locate the line in the file under the SSL section (approximately line 83):
    <Protocols></Protocols>
  4. Change the line to:
    <Protocols>TLSv1.2</Protocols>
  5. Locate the line in the file under the SSL section (it should be right above the Protocols line):
    <CipherSuites></CipherSuites>
  6. Change the line to:
    <CipherSuites>TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,TLS_DHE_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_RSA_WITH_AES_256_CBC_SHA,TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,TLS_DHE_RSA_WITH_AES_256_CBC_SHA256</CipherSuites>
  7. Type CTRL-X and then press Enter to exit.
  8. Enter Y to save changes.
  9. Do not change the name and press Enter to save the changes.
  10. Type in the following, and then press Enter:
    sudo service WowzaStreamingEngine restart

You can verify the active ciphers by running the following command:

    nmap -sV --script ssl-enum-ciphers -p 444 <host>
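
The nmap scan shows what one listening port offers; the file itself can also be checked offline to confirm that every SSL section carries the values from steps 4 and 6. The script below is an added example, not part of the original wiki page or of Wowza's tooling. It assumes the SSL section is an SSLConfig element inside a HostPort element with a Port child, and the sample XML and its port numbers are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Cipher suites from step 6, rebuilt from their three key exchanges.
KEY_EXCHANGES = ("ECDHE_ECDSA", "ECDHE_RSA", "DHE_RSA")
CIPHERS = ("AES_128_GCM_SHA256", "AES_256_GCM_SHA384", "AES_128_CBC_SHA",
           "AES_256_CBC_SHA", "AES_128_CBC_SHA256", "AES_256_CBC_SHA384")
EXPECTED = [f"TLS_{kx}_WITH_{c}" for kx in KEY_EXCHANGES for c in CIPHERS]
EXPECTED[-1] = "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256"  # as listed in step 6

def names(section, tag):
    """Split a comma-separated element value into trimmed names."""
    return [n.strip() for n in (section.findtext(tag) or "").split(",") if n.strip()]

def audit_vhost(xml_text):
    """Map each HostPort port that has an SSLConfig to a list of findings."""
    report = {}
    # ElementTree drops XML comments, so a commented-out HostPort is not audited.
    # HostPort, Port and SSLConfig are assumed element names (see lead-in).
    for host_port in ET.fromstring(xml_text).iter("HostPort"):
        ssl = host_port.find("SSLConfig")
        if ssl is None:
            continue
        protocols, suites = names(ssl, "Protocols"), names(ssl, "CipherSuites")
        findings = []
        if protocols != ["TLSv1.2"]:
            findings.append(f"Protocols: {','.join(protocols) or 'empty'}")
        if not suites:
            findings.append("CipherSuites: empty")
        findings += [f"unexpected suite: {s}" for s in suites if s not in EXPECTED]
        report[host_port.findtext("Port", "?").strip()] = findings
    return report

# Constructed sample: 444 follows the steps, 443 is still blank, 8443 drifted.
SAMPLE = f"""<Root><VHost><HostPortList>
  <HostPort><Port>444</Port><SSLConfig>
    <CipherSuites>{",".join(EXPECTED)}</CipherSuites>
    <Protocols>TLSv1.2</Protocols></SSLConfig></HostPort>
  <HostPort><Port>443</Port><SSLConfig>
    <CipherSuites></CipherSuites><Protocols></Protocols></SSLConfig></HostPort>
  <HostPort><Port>8443</Port><SSLConfig>
    <CipherSuites>{EXPECTED[0]}, TLS_RSA_WITH_RC4_128_SHA</CipherSuites>
    <Protocols>TLSv1.1,TLSv1.2</Protocols></SSLConfig></HostPort>
  <!-- <HostPort><Port>9443</Port><SSLConfig><Protocols></Protocols></SSLConfig></HostPort> -->
  <HostPort><Port>1935</Port></HostPort>
</HostPortList></VHost></Root>"""

if __name__ == "__main__":
    for port, findings in audit_vhost(SAMPLE).items():
        print(port, "OK" if not findings else findings)
```

To audit a real server, pass the contents of /usr/local/WowzaStreamingEngine/conf/VHost.xml to audit_vhost instead of SAMPLE.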