Share your ideas

Enable PCA software to deal with the Encrypt_then_MAC extension.

As time goes on, browsers, networks, and web servers have grown security. In one case we have seen that the "Encrypt_then_MAC Extension" has been enabled in the customer's network. Since our PCA software does not know how to strip the MAC address to find the SSL key, we fail to recognize the key and fail to decrypt the packet. Hence, TeaLeaf will not see hits that were captured with this Encrypt_then_MAC Extension.


We had a similar difficulty with Extended Master Secret extension and cured that problem. This issue was corrected in 3682-12 and later versions of the PCA.


Since Encrypt_then_MAC means that the server's or customer's MAC address has been appended to the SSL key. Stripping the MAC address from keys with this feature enabled should be fairly simple. That is, the MAC address will be a know number of characters. We should be able to strip the MAC and use the resulting characters should be the SSL key.

  • Thanh Tran
  • Dec 1 2022
How will this idea be used?

Because of this issue, The DB Insurance system is not working at all for one year. We are not able to use Tealeaf product.

What is your industry? Insurance
What is the idea priority? Urgent