Our client is migrating their applications from GlassFish to TomEE servers. While the SSL key has not been changed, we are no longer able to decrypt SSL traffic with the AMD. Note: Even traffic captured with tcpdump and later opened in Wireshark is not decryptable.
However, if we run a jSSLKEYLOG file on the TomEE server during the Wireshark or tcpdump capture, Wireshark will decrypt the traffic.
Has anyone else experienced this with TomEE (or another OS/platform)? Will the AMD accept a jSSLKEYLOG file?
Thanks and God bless,
If I am understanding correctly, the 'jSSLKEYLOG' file is recording the per-session individual session keys, and this normally can't be used for on-the-fly decryption; only after the fact.
My suspicion is that the new platform is using Diffie-Hellman-based ciphers, which are by design impossible for a third party to decrypt even with the private key.
"RSA 2048" is the key/certificate type, and has no bearing on the cipher suite used.
I ran a couple of tests on www.ssllabs.com to see what information it provided; in its results, look for the "Cipher Suites" section. I expect you will find several listed with "DH" (refers to Diffie-Hellman) as part of the name; "ECDHE" (Elliptic Curve Diffie-Hellman Ephemeral) is currently the most used variant.
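
An added example, not part of the original posts: a Python sketch that sorts cipher-suite names (such as those in a "Cipher Suites" listing) by whether a passive monitor holding the server's RSA private key could decrypt the session or would need per-session secrets from a key log. It goes beyond the names mentioned above by also handling OpenSSL-style, Java `SSL_`-prefixed and TLS 1.3 names; the function names and the sample list are constructed for illustration.

```python
import re

# Key-exchange tokens that indicate an ephemeral Diffie-Hellman handshake.
EPHEMERAL = {"DHE", "ECDHE", "EDH", "EECDH", "ADH", "AECDH"}
# OpenSSL-style names that start with the bulk cipher omit the key exchange,
# which is then RSA key transport (e.g. AES128-SHA, DES-CBC3-SHA).
OPENSSL_RSA_DEFAULT = re.compile(r"^(AES|CAMELLIA|DES|RC4|SEED|IDEA|ARIA|NULL)")

def classify(suite: str) -> str:
    """Return 'rsa-key', 'keylog-only' or 'other' for one suite name."""
    name = suite.strip().upper()
    if name.endswith("_SCSV"):
        return "other"            # signalling value, not a real cipher suite
    if name.startswith("TLS_") and "_WITH_" not in name:
        # TLS 1.3 names (TLS_AES_128_GCM_SHA256) carry no key exchange;
        # TLS 1.3 always uses an ephemeral (EC)DHE exchange.
        return "keylog-only"
    if "_WITH_" in name:          # IANA / Java style: TLS_<KX>_<AUTH>_WITH_...
        kx = name.split("_WITH_")[0].split("_")[1]
    else:                         # OpenSSL style: <KX>-<AUTH>-<CIPHER>-<MAC>
        kx = name.split("-")[0]
        if OPENSSL_RSA_DEFAULT.match(kx):
            kx = "RSA"
    if kx == "RSA":
        return "rsa-key"          # static RSA: server private key suffices
    if kx in EPHEMERAL:
        return "keylog-only"      # forward secret: needs per-session secrets
    return "other"                # static DH, PSK, etc.: not covered here

def summarize(suites):
    """Group suite names by how a passive monitor could decrypt them."""
    groups = {"rsa-key": [], "keylog-only": [], "other": []}
    for s in suites:
        groups[classify(s)].append(s)
    return groups

# Constructed sample list, mixing the naming styles a report might show.
SAMPLE = [
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    "TLS_DHE_RSA_WITH_AES_256_CBC_SHA",
    "TLS_RSA_WITH_AES_128_CBC_SHA",
    "SSL_RSA_WITH_3DES_EDE_CBC_SHA",
    "ECDHE-RSA-AES256-GCM-SHA384",
    "AES256-SHA",
    "TLS_AES_128_GCM_SHA256",
]

if __name__ == "__main__":
    for kind, names in summarize(SAMPLE).items():
        print(f"{kind}: {', '.join(names) or '-'}")
```

If the server prefers suites in the `keylog-only` group, a capture will stay opaque to private-key decryption even though the certificate is unchanged.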