SSL setting on

Billy_Chin · June 8, 2017, 2:56am

We are using Wowza Streaming Engine 4 Perpetual Edition 4.2.0 build 15089

We implemented SSL over port 443 on the streaming. Recently we have a scan and spotted the following issues:

SSLv3 is enabled which is vulnerable to POODLE attack (CVE-2014-3566).
Web servers adopt weak Diffie-Hellman (DH) parameters in cipher suites.
Support client-initiated renegotiation.
SHA1 with RSA is used in the certificate.
A weak cipher suite (RC4) is enabled.

The resolution is:

Disable SSLv3.
Generate and apply strong 2048-bit DH parameters (Seehttps://weakdh.org/sysadmin.html for details).
Disable client-initiated renegotiation on the server.
Adopt a server certificate using SHA-256 with RSA.
Disable all weak cipher suites.

My questions are:

A). For #1, how to disable SSLv3 in Wowza config?

B). For #2 and #4, we understand that it’s the problem on our certificate. Is Wowza support certificate using 2048-bit DH parameters & SHA-256 with RSA?

C) For #5, how to enable / disable certain cipher over the SSL in Wowza?

D) For #3, seems it’s some setting in the SSL protocol. How can we disable it with Wowza?

Thank you for your reply.

Regards,

Billy

Topic		Replies	Views
Turning on SSL Wowza Streaming Engine server-administration	1	3491	January 15, 2017
SSL client issue Wowza Streaming Engine	1	2631	March 11, 2019
Wowza 4.4.1 SSL Only Responding on HTTP Wowza Streaming Engine	1	2199	September 2, 2017
New server config Wowza Streaming Engine server-administration	3	2631	February 13, 2014
SSL Setup docs not correct Wowza Streaming Engine	5	2734	March 14, 2016

SSL setting on

Related topics