Some SSL hits missing from Firefox browser sessions

Note: Unica Discover Network Capture Application supports the SSL TLSv1 Session Ticket extension. If you have this extension enabled on your web server, the DNCA can properly capture all session data.

When sessions are initiated in the Firefox version 3 browser and then resumed later, SSL hits are not being decrypted. They are therefore missing from the captured traffic.

  • This issue does not occur over non-SSL traffic.
  • This issue is not known to occur in any browser other than Firefox 3.

This issue occurs because of an SSL extension feature that is implemented in version 3 of Firefox and in the OpenSSL modules used in the latest Apache web servers (and possibly other web servers). A new SSL TLSv1 protocol extension (RFC 5077) for stateless session resumption, known as the SessionTicket extension, encrypts the SSL state information. The extension is used only if both the client browser and the web server comply with the standard.
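To confirm from a packet capture whether a browser is offering the SessionTicket extension, the ClientHello can be inspected for extension type 35. The following is an added example, not part of the product documentation; the function names and the sample ClientHello bytes are constructed for illustration, and it assumes the ClientHello fits in a single TLS record.

```python
import struct

SESSION_TICKET_EXT = 35  # extension type assigned to SessionTicket by RFC 5077

def _read(buf, pos, n):
    if pos + n > len(buf):
        raise ValueError("truncated ClientHello")
    return buf[pos:pos + n], pos + n

def _vector(buf, pos, len_bytes):  # length-prefixed field: length, then data
    raw, pos = _read(buf, pos, len_bytes)
    return _read(buf, pos, int.from_bytes(raw, "big"))

def client_hello_extensions(record):
    """Return {extension_type: data} for one TLS record holding a ClientHello."""
    head, _ = _read(record, 0, 5)
    ctype, _version, rec_len = struct.unpack("!BHH", head)
    body = record[5:]
    if ctype != 0x16 or len(body) != rec_len or body[:1] != b"\x01":
        raise ValueError("not a single complete ClientHello record")
    hello, _ = _vector(body, 1, 3)           # 3-byte handshake length
    _, pos = _read(hello, 0, 34)             # client_version + random
    _, pos = _vector(hello, pos, 1)          # session_id
    _, pos = _vector(hello, pos, 2)          # cipher_suites
    _, pos = _vector(hello, pos, 1)          # compression_methods
    exts, i = {}, 0
    block = _vector(hello, pos, 2)[0] if pos < len(hello) else b""
    while i < len(block):
        ext_head, i = _read(block, i, 4)
        etype, elen = struct.unpack("!HH", ext_head)
        exts[etype], i = _read(block, i, elen)
    return exts

def ticket_status(record):
    """Classify a ClientHello by its use of the SessionTicket extension."""
    exts = client_hello_extensions(record)
    if SESSION_TICKET_EXT not in exts:
        return "not offered"
    ticket = exts[SESSION_TICKET_EXT]  # empty means support only, no ticket held yet
    return "resuming with ticket" if ticket else "offered, no ticket yet"

def build_sample_hello(ticket=None):
    """Constructed TLSv1 ClientHello for testing; ticket=None omits the extension."""
    hello = bytes.fromhex("0301") + bytes(32) + bytes.fromhex("00" "0002002f" "0100")
    if ticket is not None:
        ext = struct.pack("!HH", SESSION_TICKET_EXT, len(ticket)) + ticket
        hello += struct.pack("!H", len(ext)) + ext
    hs = b"\x01" + len(hello).to_bytes(3, "big") + hello
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs
```

A result of "resuming with ticket" marks a resumed session of the kind described above; "not offered" from every client after the web server change indicates that clients no longer rely on the extension.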

Discover does not support this SSL extension feature. If you installed or upgraded to the latest Apache server v2.2 build within the last few months, it is likely that you are impacted by this new extension. The following instructions are provided for disabling this extension in Apache.

Note: You must disable this feature in your web servers.