As time goes on, browsers, networks, and web servers have grown security. In one case we have seen that the "Encrypt_then_MAC Extension" has been enabled in the customer's network. Since our PCA software does not know how to strip the MAC address to find the SSL key, we fail to recognize the key and fail to decrypt the packet. Hence, TeaLeaf will not see hits that were captured with this Encrypt_then_MAC Extension.

We had a similar difficulty with Extended Master Secret extension and cured that problem. This issue was corrected in 3682-12 and later versions of the PCA.

Since Encrypt_then_MAC means that the server's or customer's MAC address has been appended to the SSL key. Stripping the MAC address from keys with this feature enabled should be fairly simple. That is, the MAC address will be a know number of characters. We should be able to strip the MAC and use the resulting characters should be the SSL key.