Understanding HLS: HTTP Live Streaming and Its Encryption Features for Enterprise use


HTTP Live Streaming (HLS) is a popular adaptive bitrate streaming protocol developed by Apple Inc. It is widely used to deliver high-quality media content over the internet in real-time, enabling seamless streaming of live events and video-on-demand (VOD) services. This article will provide an overview of how HLS works and explore the security features available to protect your content, including encryption methods and DRM (Digital Rights Management). 

It is important to note that HLS is one of the most widely adopted streaming protocols globally, but stands out from the other similar technologies such as RTMP, RTSP and MPEG-DASH because of its simplicity and stronger adoption on mobile platforms, specifically iOS and Apple devices. Its popularity can be attributed to several factors, including:

  1. Device compatibility: HLS is natively supported on a wide range of devices, including iOS, Android, macOS, and Windows platforms. This broad support increases its adoption by streaming service providers, as it ensures a seamless experience for viewers across various devices.
  2. Adaptive bitrate streaming: HLS’s ability to adapt to different network conditions and device capabilities makes it a preferred choice for delivering high-quality content over the internet. This feature ensures smooth and uninterrupted streaming experiences for viewers.
  3. Content protection: HLS’s built-in encryption features enable content creators and service providers to secure their media and prevent unauthorized access. This is crucial for premium and copyrighted content.
  4. Scalability: HLS is designed to work well with content delivery networks (CDNs), enabling efficient and scalable delivery of media to a large number of viewers worldwide.

Support of HLS in Web browsers

Support of HLS in web browsers is generally good. Most major browsers, including Chrome, Firefox, Safari, and Edge, support HLS natively. This means that you can play HLS streams in these browsers without having to install any additional plugins or extensions.

There are a few exceptions to this rule. For example, Internet Explorer does not support HLS natively. However, there are a number of third-party plugins that can be used to add HLS support to Internet Explorer.

Overall, the state of native support of HLS in web browsers is good. If you want to play HLS streams in your web browser, you should be able to do so without any problems.

Here is a table of native HLS support in major web browsers:

Chrome4 and upYes
Firefox2 and upYes
Safari3.2 and upYes
Edge12 and upYes
Internet ExplorerNo (requires third-party plugin)

HLS Workflow: How it Works

  1. Media segmentation: The source media file is broken down into smaller chunks, usually ranging from 2 to 10 seconds each. These segments are typically encoded in the H.264 video codec and AAC audio codec for compatibility with a wide range of devices.
  2. Creating multiple bitrate versions: To accommodate varying network conditions and device capabilities, the media is encoded at different bitrates. This allows the client to choose the best quality stream based on its current bandwidth and performance.
  3. Generating playlists: For each bitrate version, a Media Playlist (M3U8 file) is created. This file contains the URIs of the media segments and additional metadata, such as segment duration and sequence numbers. A Master Playlist is also generated, which lists all the available Media Playlists and their respective bandwidths, resolutions, and codecs.
  4. Content delivery: The media segments and playlists are hosted on a web server or content delivery network (CDN), allowing clients to access and download the content using standard HTTP requests.
  5. Adaptive streaming: The client starts by requesting the Master Playlist to determine the best Media Playlist based on its current network conditions and device capabilities. The client then downloads and plays the media segments sequentially. During playback, the client continuously monitors its performance and adjusts the selected bitrate accordingly, ensuring a smooth and uninterrupted streaming experience.

HLS Encryption for Content Security

To protect copyrighted content and prevent unauthorized access, HLS provides an encryption feature that secures the media segments using the Advanced Encryption Standard (AES). The encryption process follows these steps:

  1. Key generation: A unique encryption key (a 128-bit or 256-bit AES key) is generated for each piece of content. This key will be used to encrypt and decrypt the media segments.
  2. Media encryption: Each media segment is encrypted using the AES encryption algorithm and the generated key. The encrypted segments are then saved on the web server or CDN.
  3. Key distribution: The encryption key must be securely distributed to authorized clients. This can be done using various methods, such as:
    a. Storing the key on a separate server and securing it with authentication and access control mechanisms. b. Transmitting the key over a secure channel, such as HTTPS or a secure token-based system.
  4. Updating playlists: The Media Playlists are updated to include a reference to the key, which is required for decryption. This reference is typically a URI pointing to the key’s location on the key server.
  5. Client-side decryption: Authorized clients fetch the encryption key and use it to decrypt the downloaded media segments during playback.

How to create HLS Content? (Technical details)

Hosting HLS content involves preparing the media files and setting up a web server or content delivery network (CDN) to serve those files to viewers. Here’s a step-by-step guide to host your HLS content:

  1. Prepare your HLS content:

Use a video processing tool like FFmpeg to convert your video into HLS format. This involves segmenting the video into small chunks (.ts files) and creating playlists (.m3u8 files) that reference those chunks. You can create single or multi-bitrate streams depending on your requirements.

In this example we use ffmpeg ( a powerful, open-source multimedia processing tool )that can be used to create HLS (HTTP Live Streaming) content. The following is a basic command-line reference for using FFmpeg to generate an HLS stream. Please note that you may need to modify the commands to suit your specific requirements and input formats.

  1. Single bitrate HLS stream:

To create a single bitrate HLS stream, use the following command:


ffmpeg -i input.mp4 -codec:v libx264 -codec:a aac -map 0 -f hls -hls_time 4 -hls_list_size 0 -hls_segment_filename “output_%03d.ts” output.m3u8

In this command:

-i input.mp4: Specifies the input file (replace input.mp4 with your source video file)

-codec:v libx264 -codec:a aac: Sets the video codec to H.264 and the audio codec to AAC

-map 0: Includes all streams from the input file

-f hls: Specifies the output format as HLS

-hls_time 4: Sets the duration of each HLS segment to 4 seconds (you can adjust this value as needed)

-hls_list_size 0: Generates an unlimited HLS playlist (set to a specific number for a limited playlist)

-hls_segment_filename “output_%03d.ts”: Sets the naming format for the HLS segments (replace output with your desired prefix)

output.m3u8: Specifies the output playlist file (replace output.m3u8 with your desired playlist name)

  1. Multi-bitrate HLS stream:

Multi-bitrate HLS stream


ffmpeg -i input.mp4 -map 0 -codec:v libx264 -codec:a aac -s:v:0 1280×720 -b:v:0 3000k -s:v:1 854×480 -b:v:1 1500k -s:v:2 640×360 -b:v:2 800k -f hls -hls_time 4 -hls_list_size 0 -hls_segment_filename “output_%v/output_%03d.ts” -var_stream_map “v:0,a:0 v:1,a:0 v:2,a:0” output.m3u8

In this command:

-s:v:0 1280×720 -b:v:0 3000k: Sets the resolution and bitrate for the first video stream (720p)

-s:v:1 854×480 -b:v:1 1500k: Sets the resolution and bitrate for the second video stream (480p)

-s:v:2 640×360 -b:v:2 800k: Sets the resolution and bitrate for the third video stream (360p)

-hls_segment_filename “output_%v/output_%03d.ts”: Sets the naming format for the HLS segments per bitrate version (replace output with your desired prefix)

-var_stream_map “v:0,a:0 v:1,a:0 v:2,a:0”: Maps the video and audio streams for each bitrate version (update this according to the number of bitrate versions you create)

These commands will generate the necessary HLS segments and playlists. Once generated, you can host them on a web server or content delivery network (CDN) for streaming.

Remember that FFmpeg provides a vast array of options for customizing your HLS stream. You can refer to the official FFmpeg documentation for more

  1. Choose a hosting solution:

There are two main options for hosting HLS content:

a. Web server: You can host HLS content on a web server like Nginx or Apache. This option is suitable for small-scale streaming with limited viewers or for testing purposes. For larger audiences, consider using a CDN.

b. Content Delivery Network (CDN): A CDN is a network of servers distributed across multiple geographical locations, which caches and delivers your content to viewers efficiently. CDNs are recommended for hosting HLS content, as they provide faster load times, lower latency, and better performance, especially for large-scale streaming.

  1. Test your HLS stream:

Once your HLS content is hosted, test the stream by accessing the playlist URL in an HLS-capable player. This can be a web-based player like hls.js or video.js, or standalone players like VLC and Safari. Verify that the stream plays smoothly and adapts to different network conditions.

By following these steps, you can host your HLS content and ensure a smooth streaming experience for your viewers.


HLS is a widely adopted streaming protocol that ensures a smooth and high-quality streaming experience for viewers. By utilizing adaptive bitrate streaming and offering encryption features, HLS provides a flexible and secure solution for delivering live and on-demand content over the internet. As a content creator or service provider, understanding the inner workings of HLS and its security features will help you make informed decisions on how to protect and distribute your valuable media content.

CircleHD Enterprise Video Platfrom supports HLS transcoding and takes care of video security including access control management and analytics out of the box. so your team can focus on the growing use case of video adoption. To request a demo, please contact us here.