Wowza SSL/TLS Security Settings
Revision as of 09:19, 26 June 2020 by IVSWikiBlue (talk | contribs)
- Connect to the server via ssh or access the shell via the console.
- Type in the following, and then press Enter:
sudo nano /usr/local/WowzaStreamingEngine/conf/VHost.xml
- Locate the line in the file under the SSL section (approximately line 83)
<Protocols></Protocols>
- Change the line to:
<Protocols>TLSv1.2</Protocols>
- Locate the line in the file under the SSL section (it should be right above the protocols line)
<CipherSuites></CipherSuites>
- Change the line to:
<CipherSuites>TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,TLS_DHE_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_RSA_WITH_AES_256_CBC_SHA,TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,TLS_DHE_RSA_WITH_AES_256_CBC_SHA256</CipherSuites>
- Type CTRL-X and then press Enter to exit.
- Enter Y to save changes.
- Do not change the name and press Enter to save the changes.
- Type in the following, and then press Enter:
sudo service WowzaStreamingEngine restart
You can verify the active ciphers by running the following command:
nmap -sV --script ssl-enum-ciphers -p 444 <host>