
Issue with SSL and TomEE Servers

Hello,

Our client is migrating their applications from GlassFish to TomEE servers. While the SSL key has not been changed, we are no longer able to decrypt SSL traffic with the AMD. Note: Even traffic from a tcpdump and later opened in Wireshark is not decryptable.

However, if we run a jSSLKEYLOG file on the TomEE server during the Wireshark or tcpdump capture, Wireshark will decrypt the traffic.

Has anyone else experienced this with TomEE (or another OS/platform)? Will the AMD accept a jSSLOGKEY file?

Thanks and God bless,
Genesius

5 REPLIES

Erik_Soderquist
Dynatrace Pro

If I am understanding correctly, the 'jSSLOGKEY' file is recording the per-session individual session keys, and this normally can't be used for on-the-fly decryption; only after the fact.

My suspicion is that the new platform is using Diffie-Hellman based ciphers, which are by design impossible for a third party to decrypt even with the private key.

-- Erik

@Erik S.

We have confirmed with the client, through www.ssllabs.com, that they are using RSA 2048 bits.

Thanks and God bless,
Genesius

"RSA 2048" is the key/certificate type, and has no bearing on the cipher suite used.

I ran a couple tests on www.ssllabs.com to see what information it provided; in its results, look for the "Cipher Suites" section. I expect you will find several listed with "DH" (refers to Diffie-Hellman) as part of the name; "ECDHE" (Elliptic Curve Diffie-Hellman Ephemeral) is currently the most used variant.

-- Erik

@Erik S.

Checking a frame within Wireshark it indicates that the cipher suite used from the server is

Cipher Suite: TLS_RSA_WITH_3DES_EDE_CBC_SHA (0x000a)

Thanks and God bless,
Genesius

TLS_RSA_WITH_3DES_EDE_CBC_SHA should be decrypted without any issue by the AMD; what does the AMD's

rcmd ssldecr status Server_IP_address

report on this?

-- Erik
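
The distinction drawn in this thread between the certificate key type and the negotiated key exchange can be checked mechanically. The sketch below is an added example, not code from the posters or from Dynatrace: it reads `Cipher Suite:` lines in the form Wireshark prints them and classifies each IANA suite name by whether the server's RSA private key alone is enough for passive decryption. The function names and class labels are assumptions chosen here, and every sample line except the one quoted in the thread is constructed.

```python
import re

# Matches the cipher-suite field as Wireshark prints it in a TLS handshake.
SUITE_RE = re.compile(r"Cipher Suite:\s*(TLS_[A-Z0-9_]+)")


def classify(suite: str) -> str:
    """Classify an IANA suite name by what a passive decryptor needs."""
    name = suite.strip().upper()
    if not name.startswith("TLS_"):
        raise ValueError(f"not an IANA TLS suite name: {suite!r}")
    if name.endswith("_SCSV"):
        return "signalling"         # marker value, never the negotiated suite
    if "_WITH_" not in name:
        return "ephemeral"          # TLS 1.3 naming: key exchange is always (EC)DHE
    kx = name[len("TLS_"):].split("_WITH_")[0].split("_")
    if kx == ["RSA"]:
        return "rsa-key-transport"  # premaster secret is encrypted to the server RSA key
    if kx[0] in ("DHE", "ECDHE"):
        return "ephemeral"          # per-session DH keys: the private key alone is not enough
    return "other"                  # static DH, PSK, anonymous: review case by case


def server_suites(dissection: str) -> dict:
    """Map each suite found in Wireshark text output to its class."""
    return {s: classify(s) for s in SUITE_RE.findall(dissection)}


# First line is the one quoted in the thread; the rest are constructed samples.
SAMPLE = """\
Cipher Suite: TLS_RSA_WITH_3DES_EDE_CBC_SHA (0x000a)
Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f)
Cipher Suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x0033)
Cipher Suite: TLS_AES_128_GCM_SHA256 (0x1301)
Cipher Suite: TLS_EMPTY_RENEGOTIATION_INFO_SCSV (0x00ff)
"""

if __name__ == "__main__":
    for suite, kind in server_suites(SAMPLE).items():
        print(f"{kind:18} {suite}")
```

Run it against the Server Hello of each captured session rather than the Client Hello, since only the Server Hello carries the suite that was actually selected.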