How to Enable Specific TLS Versions in Wowza Streaming Engine

Step-by-Step Guide

1. Enable SSL Protocol Logging

1. Access Server Setup: Sign in to Wowza Streaming Engine Manager, click the Server tab, then Server Setup.
2. Add Custom Property:
   • Click the Properties tab, then Custom.
   • Click Edit, then Add Custom Property.
   • Set the following:
     • Path: /Root/Server
     • Name: sslLogProtocolInfo
     • Type: Boolean
     • Value: true
   • Click Save and restart the server.

2. Review SSL Protocol Logging

1. Check Logs: After restarting, review the logs for SSLInfo.ProtocolsEnabled and SSLInfo.ProtocolsSupported to see the enabled and supported protocols.

3. Modify VHost.xml for TLS Configuration

1. Edit VHost.xml:
   • Navigate to [install]/conf/VHost.xml.
   • Locate the desired <HostPort> section and ensure it is uncommented.
   • Modify the <Protocols> tag within <SSLConfig> to include the desired TLS versions, e.g., <Protocols>TLSv1.2,TLSv1.1</Protocols>.
2. Save Changes: Save the file and restart Wowza Streaming Engine.

4. Deploy and Test Changes

1. Restart Services: Restart Wowza Streaming Engine and Manager services.
2. Test Configuration: Use a client or player to test the connection with the specified TLS versions.

Debugging SSL Connection Filtering

1. Enable Connection Info Logging:
   • In Wowza Streaming Engine Manager, go to Virtual Host Setup.
   • Add a custom property:
     • Path: /Root/VHost
     • Name: sslLogConnectionInfo
     • Type: Boolean
     • Value: true
   • Save and restart the virtual host.
2. Review Logs: Check logs for SSLHandler.connectionInfo to verify the protocol and cipher suite used.

Additional Resources

• Wowza Streaming Engine Documentation
• SSL Configuration Guide