Category Archives: security

Configuring FMS with an SSL hardware accelerator

Flash Media Server supports SSL natively. For information see Configure SSL in the Flash Media Server docs. That said, you may choose to use an SSL hardware accelerator instead.

By default, when Flash Player connects to FMS, it scans the following ports in order: 1935, 443, 80, 80 (RTMP tunneling). To configure a secure port for an adaptor, specify a minus sign in front of the port number in the ADAPTOR.HOSTPORT parameter in the RootInstallationFolder/conf/fms.ini file, as follows:


With this config, when Flash Player uses an RTMPS string to connect to FMS it uses port 443. FMS also returns data over port 443. To tell a Flash Player client to make an SSL connection to Flash Media Server, use an RTMPS string (“rtmps://domain/applicationname”) in the NetConnection.connect() call.   Any traffic with an RTMP string (“rtmp://domain/applicationname”) uses port 1935.

In other words, to configure SSL, you need to specify that a port is “secure” by specifying a minus sign in front of the port number in the fms.ini file. Then you specify an SSL connection by using the “rtmps” protocol specifier in the connection URI. If no port is specified, the default port for RTMPS is 443. If you configure any port other than 443 as secure, for example, -1935, you need to explicitly specify the port in the URI, for example, “rtmps://domain:1935/applicationname”.

Configure the hardware to listen externally on port 443 and forward unencrypted data to FMS on port 1935.

If you’re using hardware SSL, you don’t need to complete the configuration steps necessary for using native SSL, the hardware does all the hard work and simply forwards unencrypted RTMP to FMS.