Streaming

You can stream the camera/playback video and audio of the unit with low latency.

Two streaming methods are supported.

  • RTMP/RTMPS streaming

    You can stream the camera video and audio of the unit with low latency using RTMP (Real Time Messaging Protocol) developed by Adobe Inc. RTMPS which uses SSL encryption is also supported.

  • SRT streaming

    You can stream the camera video and audio of the unit with low latency using SRT (Secure Reliable Transport) developed by Haivision. SRT streaming employs a listener and a caller. The listener has connection destination information, such as an IP address and domain. The caller connects to the listener. The unit corresponds to a caller.

Note

  • For secure streaming distribution, the stream URL must use the “rtmps://” protocol. RTMP is used for general streaming but is not very secure. On the other hand, RTMPS encrypts data using SSL/TLS for secure streaming.
  • In SRT, you can select AES-128 or AES-256 as the encryption setting. This ensures that streaming data is encrypted and streamed securely. You can also set [Security] (encryption method) for wireless LAN to [None], but data will not be encrypted and communication will not be secure. When configuring this setting, be sure to take into consideration the security requirements of your network environment and the streaming destination.
  • The encryption setting for SRT must match the destination setting. Setting the same encryption method as the destination will ensure normal communication.
  • When using SRT, the valid input characters for the passphrase and shared key are alphabetic characters, numeric characters, and symbols. Entering 16 or more characters is strongly recommended.

The streaming bit rate range and initial value varies depending on the system frequency and resolution as follows.

System frequency Streaming
Resolution Bit rate range (Mbps) Initial value (Mbps)
59.94/50 3840×2160 38 only
1920×1080 4.5 to 27 9
1280×720 2.3 to 13.5 6
29.97/25/23.98 3840×2160 13 to 38 34
1920×1080 3 to 18 6
1280×720 1.5 to 9 4

Note

  • Playback streaming using stored videos is not supported.
  • Even if the video output format is interlaced, the streaming output will be in progressive format.

About the RTMPS function

The RTMPS function supports various encryption algorithms to ensure secure RTMPS streaming. Multiple encryption algorithms, some of which may not comply with current security best practices, are supported for compatibility with a wide range of streaming destination servers.

Encryption algorithms supported by the RTMPS function

The following encryption algorithms are supported.

  • TLS_AES_256_GCM_SHA384
  • TLS_AES_128_GCM_SHA256
  • TLS_AES_128_CCM_SHA256
  • TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
  • TLS_ECDHE_ECDSA_WITH_AES_256_CCM
  • TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
  • TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
  • TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
  • TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
  • TLS_DHE_RSA_WITH_AES_256_CCM
  • TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
  • TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
  • TLS_ECDHE_ECDSA_WITH_AES_128_CCM
  • TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
  • TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
  • TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
  • TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
  • TLS_DHE_RSA_WITH_AES_128_CCM
  • TLS_DHE_RSA_WITH_AES_128_CBC_SHA256

Recommended encryption algorithms

The following encryption algorithms are recommended based on the NIST recommendations (NIST SP 800-57 Part 1 Revision 5) and related security standards.

  • TLS_AES_256_GCM_SHA384
  • TLS_AES_128_GCM_SHA256
  • TLS_AES_128_CCM_SHA256
  • TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
  • TLS_ECDHE_ECDSA_WITH_AES_256_CCM
  • TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
  • TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
  • TLS_ECDHE_ECDSA_WITH_AES_128_CCM
  • TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256

About deprecated algorithms

The RTMPS function also supports the following algorithms for compatibility, but they are deprecated based on the NIST recommendations (NIST SP 800-57 Part 1 Revision 5) and related security standards, and may be removed in a future version.

Key exchange algorithms

  • TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
  • TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
  • TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
  • TLS_DHE_RSA_WITH_AES_256_CCM
  • TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
  • TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
  • TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
  • TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
  • TLS_DHE_RSA_WITH_AES_128_CCM
  • TLS_DHE_RSA_WITH_AES_128_CBC_SHA256

About connection compatibility

The RTMPS function is designed with a balance between security and compatibility. Currently, deprecated algorithms are supported for the following reasons, but they may be removed in a future version to improve security.

  • To use the RTMPS streaming function, connection to various servers is required to support RTMPS streaming.
  • Compatibility with older systems and legacy servers needs to be maintained.
  • Not all users are prepared to change to a more secure setting because changing the encryption algorithm settings on the server side is complicated.
  • The RTMPS settings are often shared with other secure services. Any changes must be considered carefully as they may have an impact on other services on the server.
  • A wide range of encryption algorithms must be supported to ensure interoperability in different environments.

The encryption algorithm used during an RTMPS connection is determined by automatic negotiation with the destination server, and therefore depends on the server settings. While aware of the security risks, compatibility is currently prioritized to satisfy the diverse needs of users.

Security risks

Using deprecated algorithms, including CBC and DHE, increases the risk that encrypted data may be decrypted or tampered with by an attacker, exposing data during streaming.

Recommendation for secure connection

Before using the RTMPS streaming function, check that the connection destination server supports the recommended encryption algorithm. Enable only the recommended algorithms on the server side and disable the deprecated algorithms.

References

  • Recommendation for Key Management, Special Publication 800-57 Part 1 Revision 5, NIST, 2020.
  • Transitioning the Use of Cryptographic Algorithms and Key Lengths, Special Publication 800-131A Revision 2, NIST, 2019.
  • Recommendation for Block Cipher Modes of Operation: The CMAC Mode for Authentication, Special Publication 800-38B, NIST, 2005 (includes updates as of 10/06/2016).

Configuring RTMP/RTMPS streaming

Setting the connection destination and format

  1. Set [Network] – [Stream] to [RTMP/RTMPS 1] to [RTMP/RTMPS 8] in the full menu.

    The connection destination setup screen appears.

  2. Set each item on the connection destination setup screen.

    Configuration item Description
    [Display Name] Set the display name in the [Destination Select] menu.
    [Codec] Displays the codec of the streaming video.
    [Resolution]

    Set the resolution of the streaming video.

    • 3840×2160P
    • 1920×1080P
    • 1280×720P
    [Bit Rate] Set the bit rate of the streaming video.
    [Destination URL] Set the URL of the server to connect.
    If the URL begins with “rtmps://” characters, streaming is recognized as RTMPS streaming and the streaming data is encrypted. In this case, a certificate for RTMPS connections is required.
    [Stream Key] Set the stream key used for the streaming connection.
    [RTMPS Certificate]

    Load/clear a certificate for RTMPS streaming.

    • [Load]: Load a certificate.

    Note

    • The certificate to be loaded must be in PEM format, and should be written to the root directory of the memory card with “RTMPS_certification.pem” file name.
    • [Clear]: Clear the certificate.
    • [None]: Do not load or clear a certificate.

    If a certificate is not loaded here, the built-in default certificate of the unit will be used.
  3. When finished, select [Set] to apply the settings.

Note

  • Always select [Set] after changing the settings. The settings are not applied if [Set] is not selected.
  • Set the clock of the unit to the correct time before importing a certificate for RTMPS connections.
  • Depending on the recording format, [Load]/[Clear] cannot be executed for a certificate because the recording operation takes priority.

  • In low voltage state, [Load]/[Clear] cannot be executed for a certificate for RTMPS connections.

    [RTMPS Certificate Status]: Displays the load status of the certificate for RTMPS connections.

    [Reset]: Reset the settings to the default values.

Replacing the built-in default certificate of the unit with another default certificate

  1. Insert a memory card on which a different default certificate is saved in card slot B.

    Import file: “RTMPS_DefaultCertificates.pem” located in the root directory of the memory card

  2. Select [Network] – [Stream] – [RTMPS Default Certificates] – [Replace] – [Execute] in the full menu.

    A message appears, confirming that the default certificate has been written to the memory card. You can also replace the default certificate with a user default certificate.

  3. Select [OK].

    The default certificate is imported into the unit.

    When loaded successfully, a message appears.

Reverting to the built-in default certificate of the unit

Select [Network] – [Stream] – [RTMPS Default Certificates] – [Reset] – [Execute] in the full menu.

When the operation is completed successfully, a message appears.

The replacement default certificate is deleted and the built-in default certificate of the unit becomes enabled.

Checking the default certificate status

Select [Network] – [Stream] – [RTMPS Default Certificates] – [Status] in the full menu to display the status of the default certificate.

When the built-in default certificate of the unit is being used, [Preinstall] is displayed.

When a replacement default certificate is being used, the date and time that the certificate was replaced is displayed.

Display format: 4-digit year (Western calendar) + 2-digit month + 2-digit day + 2-digit hour (24-hour format) + 2-digit minute + 2-digit second

Example: 2024, December 1, 12:34:56 → 20241201123456

Configuring SRT streaming

Setting the connection destination and format

  1. Set [Network] – [Stream] to [SRT-Caller 1] to [SRT-Caller 8] in the full menu.

    The connection destination setup screen appears.

  2. Set each item on the connection destination setup screen.

    Configuration item Description
    [Display Name] Set the display name in the [Destination Select] menu.
    [Codec] Set the codec of the streaming video.
    [Resolution]

    Set the resolution of the streaming video.

    • 1920×1080P
    • 1280×720P
    [Bit Rate] Set the bit rate of the streaming video.
    [Destination URL] Set the URL of the server to connect.
    [Port] Set the port of the streaming destination.
    [Latency] Set the streaming distribution latency.
    [TTL] Set the time-to-live (TTL) value for streaming.
    [Encryption] Set the encryption method for streaming.
    [Passphrase] Set the passphrase used for encryption for streaming.
    [ARC] Enable/disable the Adaptive Rate Control function when streaming.

    Note

    • When [Codec] is set to [H.265/HEVC], some receivers may not support playback correctly. If a problem occurs during playback, try [H.264/AVC].

  3. When finished, select [Set] to apply the settings.

    Always select [Set] after changing the settings. The settings are not applied if [Set] is not selected.

    [Reset]: Reset the settings to the default values.

Starting streaming

  1. Connect the unit to the Internet or local network.

    Note

    • Use of wired LAN is recommended since streaming requires a large volume of continuous communication. If using the 2.4 GHz band wireless LAN, remote control from mobile devices or Bluetooth remote control operations may be disrupted. If the use of a wireless connection cannot be avoided, conduct sufficient testing beforehand in a radio wave environment similar to the actual usage environment.
    • The unit is not a network device (for example, a router or switching hub). It is strongly recommended that you connect the unit to a network where you can configure and manage the network settings appropriately to protect against network-based attacks, such as DoS attacks (Denial of Service attacks).
    • When connecting the unit to a network, connect it via a router that is configured and managed appropriately, or connect it to a LAN port that has the same functionality. If connected without such protection (for example when using free Wi-Fi), security issues may occur. When properly configured, routers provide sufficient protection against DoS attacks or loss of functionality of devices in the network. If you notice anything unusual, immediately disconnect the camera from the network.
  2. Select the transfer settings configured beforehand on the [Stream] status screen or using [Network] – [Stream] – [Destination Select] in the full menu.

  3. Set [RTMP/RTMPS Status]/[SRT-Caller Status] on the [Stream] status screen or set [Network] – [Stream] – [Setting] to [On] in the full menu.

    Streaming starts with the configured settings.

Note

  • Streaming cannot be started in the following cases.

    • When [Shooting] – [S&Q Motion] – [Setting] is set to [On] in the full menu
    • When [Project] – [Simul Rec] – [Setting] is set to [On] in the full menu
    • When [Project] – [Interval Rec] – [Setting] is set to [On] in the full menu
    • When [Project] – [Picture Cache Rec] – [Setting] is set to [On] in the full menu
    • When [Project] – [4K & HD (Sub) Rec] – [Setting] is set to [On] in the full menu
  • During streaming, the [Project] – [Picture Cache Rec] – [Cache Size] setting in the full menu cannot be changed.
  • Once you start streaming, it may take several 10s of seconds before video/audio actually start streaming.
  • If the streaming connection destination settings are invalid or if a network connection has not been established, is displayed by the streaming status indicator.
  • Video/audio data are sent as-is via the Internet. Accordingly, the data may be accessible by other parties. Make sure that the connection destination is able to receive the streaming data. Data may be sent to an unintended party due to an error in the address settings or other reason.
  • Streaming may be interrupted, depending on your internet connection or network conditions. If this occurs, start streaming again.
  • The image quality may be adversely affected for fast-moving scenes.
  • You may not be able to play all frames if streaming at high resolution and low bit rate. To reduce this phenomena, select a lower resolution in [Resolution].
  • The video cannot be viewed using the “Monitor & Control” application during streaming.
  • File transfer is not supported during streaming. File transfer is supported after stopping streaming.
  • If streaming is started during file transfer, the file transfer stops. File transfer restarts after stopping streaming.
  • The screen information update frequency is reduced during streaming, but this does not affect operation.
  • The recording settings cannot be changed during streaming.
  • The distribution formats available for streaming vary depending on the [Rec Format] of the main signal.
  • When the streaming resolution is 3840×2160P and the digital extender function is used, the magnification is 1.5×.

Stopping streaming

Set [RTMP/RTMPS Status]/[SRT-Caller Status] on the [Stream] status screen or set [Network] – [Stream] – [Setting] to [Off] in the full menu to stop streaming.

TP1002071016