net::ERR_SSL_WEAK_SERVER_EPHEMERAL_DH_KEY

Hi,

I just upgraded from Wowza Media Server to Wowza Streaming Engine and set up a StreamLock-protected application as mentioned in the documentation.

But I can’t stream rtmps to my flash player in Chrome. The error is:

POST https://xxxxx.streamlock.net/open/1 net::ERR_SSL_WEAK_SERVER_EPHEMERAL_DH_KEY

The rtmps stream works well in other browsers, although I got the same error when trying to read a smoothstream in Firefox: there, the error occurs when trying to download https://xxxxx.streamlock.net/crossdomain.xml. (This smoothstreaming works in IE…)

I’ve read the information here: https://weakdh.org/ and here: https://weakdh.org/sysadmin.html and I understand that I should, for example, disable “Export Cipher Suites”. Some examples show how to do this in Apache Http Server, Tomcat, etc… But there is nothing I can find about this problem and Wowza.

Any help would be greatly appreciated!

Thx a lot!

Hi,

This can be caused by a number of things. Are you now running Wowza Streaming Engine 4.3 with the included JRE (Java Runtime Environment)? If not, or if you are running your own Java VM then I’d suggest installing the latest version 8 JRE (or JDK if that is a requirement).

You can explicitly state the size of the DH Key by adding the following VMOption in your [install-dir]/conf/Tune.xml file (restart Wowza once done).

<VMOption>-Djdk.tls.ephemeralDHKeySize=2048</VMOption>

If this does not resolve matters then you may need to generate a new StreamLock certificate, which you can do via the Wowza Portal, in the StreamLock tab.

If this still does not resolve the matter, then I’d suggest enabling SSL debug and raising a support ticket. Please refer to this thread and include the information requested in the raising a ticket page.

Paul
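A way to check the Tune.xml setting described in the reply above, as an added example that is not part of the original thread or Wowza's own tooling. The function name `audit_dh_option`, the trimmed sample Tune.xml layout and the 2048-bit target (taken from the value suggested in the reply) are assumptions.

```python
import xml.etree.ElementTree as ET

PROP = "-Djdk.tls.ephemeralDHKeySize="
MIN_BITS = 2048  # assumption: target taken from the value suggested in the thread

# Constructed sample; a real Tune.xml carries more elements than this.
SAMPLE_TUNE_XML = """<Root>
  <Tune>
    <VMOptions>
      <VMOption>-server</VMOption>
      <!-- <VMOption>-Djdk.tls.ephemeralDHKeySize=2048</VMOption> -->
      <VMOption>-Djdk.tls.ephemeralDHKeySize=legacy</VMOption>
    </VMOptions>
  </Tune>
</Root>"""


def audit_dh_option(tune_xml, min_bits=MIN_BITS):
    """Return (status, detail) for the ephemeral DH setting in a Tune.xml string."""
    root = ET.fromstring(tune_xml)  # commented-out options are dropped by the parser
    values = [
        (el.text or "").strip()[len(PROP):]
        for el in root.iter("VMOption")
        if (el.text or "").strip().startswith(PROP)
    ]
    if not values:
        return ("unset", "option absent; the JVM default applies")
    if len(set(values)) > 1:
        return ("conflict", "set more than once: " + ", ".join(values))
    value = values[0]
    if value == "legacy":
        return ("weak", "legacy mode keeps the JDK's old small DH keys")
    if value == "matched":
        return ("check-cert", "DH size follows the certificate key size")
    if not value.isdigit():
        return ("invalid", "unrecognised value: " + value)
    bits = int(value)
    if bits < min_bits:
        return ("weak", f"{bits}-bit DH is below the {min_bits}-bit target")
    return ("ok", f"{bits}-bit DH configured")


if __name__ == "__main__":
    print(audit_dh_option(SAMPLE_TUNE_XML))
```

The option only takes effect after Wowza is restarted, so a passing result describes the file, not necessarily the running JVM.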

Thanks for the update and solution.

Best,

Salvadore

Hi Paul!

We were using an old version of Java. We now use the included JRE and it works like a charm!

Thx a lot for your help!

Sam