Skip to main content

Security Settings

The following tables list the configurable Haivision Media Platform Security settings.


Please contact your Network Administrator if you are unsure what to put in any of these fields or if you are unsure whether the setting is required on your network.


High Security (STIG) Environment

To enable security hardening features for high-security environments, toggle this button to On. This setting includes:

  • Session timeouts/locks for all interfaces.
  • Stronger password requirements.
  • Lock/disable accounts due to multiple authentication failures or expired passwords.
  • Disabling unnecessary services.

These steps are applied when the STIG setting is enabled, and are rolled back/canceled when the STIG setting is disabled.


This setting complies with National Institute of Standards and Technology (NIST) Special Publication 800-53 (see Rev 4).


  • Only security professionals who understand the cipher support and requirements within their organization should change this setting.
  • Some of these settings are not supported by Haivision Play Set-Top Box or by Google Chrome.
  • The default list has been verified for broad acceptance, and should typically only be adjusted to mitigate new and critical vulnerabilities that may occur.
Lock Session After(High Security (STIG) Environment must be enabled) Enter the inactivity time period (in minutes) before the user's HMP session is locked (on all interfaces: Console UI, SSH, and Web).
Web Server



Configures the Web ports for HMP:

  • HTTP port number (Default = 80)
  • HTTPS port number (Default = 443)


If you change the HTTP/HTTPS ports, any connected STBs lose connection and need to be redirected to the new port. This can be done manually through the settings on the STB. However, we recommend that you contact Haivision Technical Support if you intend to change port settings and automatically migrate your STBs.

SSL ProtocolsTo specify which TLS (Transport Layer Security) versions are accepted, select from the drop-down list: TLS v1, TLS v1.1, TLS v1.2.
SSL Ciphers

To specify which SSL Ciphers are accepted, select from the drop-down list or enter the cipher name:

Subnet / Mask

(Block Local User Login must be enabled) Add subnet IP addresses and masks to whitelist for local user logins.


When no subnets are specified, HMP blocks all local user logins.

Advisory Notice & Consent Banner
Advisory Notice

When enabled, the banner appears when users sign in (Console UI, SSH, and Web interface) and remains on the screen until the user acknowledges the usage conditions and takes explicit actions for further access. The banner is typically an advisory/warning notice to be displayed before the Sign-in page.

To enable the banner (as shown in the text box), toggle the Advisory Notice button to On and enter the banner text into the Message text box.

Lock Settings Button

When enabled, the STB no longer responds to the

Settings button being pressed on the Haivision Play 2000/4000 STB remote.

Block Local User Login

To block local users from being able to sign into the HMP web interface, toggle this button to On. Use the Allowed Subnets address and mask fields to whitelist IP addresses that may sign in using local user accounts. When users are blocked from signing in, they are simply given an incorrect username or password error.


  • This option does not affect public links nor users signing in via directory services (LDAP/AD/SSO) or Just-in-Time user provisioning.
  • If you inadvertently set the wrong Allowed Subnets and can no longer sign into the web UI, please see Disabling Web UI Block via SSH.


Video Player
Custom HLS Buffer

To tune the HLS video buffer, toggle the Custom HLS Buffer button to On and enter the desired HLS Buffer Length.


Modifying the default HLS buffer length may affect streaming reliability.

HLS Buffer LengthEnter the desired buffer length. Range: 1–40 seconds.


Static Helper URL

To specify a fixed hostname for the multicast agent download, toggle the Static Helper URL button to On.


For multicast streaming, Haivision Helper includes a valid SSL certificate that uses a wildcard name. This option allows organizations to use a static address instead. (This is useful in environments without access to the Internet or a DNS server.)

For more information, refer to "Haivision Media Platform Integration" in the Haivision Helper Installation Guide.

Peer to Peer (P2P)

Enter the Haivision P2P key to enable the ability to configure locations for P2P HLS streaming. See Configuring HMP for Haivision Peer-to-Peer Video Delivery for more details.


Haivision Peer-to-Peer on HMP is currently in Preview Mode.

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.