This explains the relationship between the TIM setting DisableTLS11And12RecordsProcessing and TLS 1.1/1.2 processing available in APM 10.x and as a hotfix in some earlier APM 9.x releases.
We would like to implement TLS 1.1/1.2 processing in APM 10.x and as a hotfix in some earlier APM 9.x releases. How does the TIM setting DisableTLS11And12RecordsProcessing impact this?
The DisableTLS11And12RecordsProcessing setting is available in APM 9.1.7 and later.
In APM 9.1.7, this TIM setting changed the error message as outlined in TEC1360186. It also fixed some TLS 1.1/1.2 compatibility issues. However, full TLS 1.1/1.2 processing was not available until it was delivered as a hotfix for some earlier APM 9.x releases and in APM 10.
Six very important notes:
- DisableTLS11And12RecordsProcessing will show up in the TIM log after startup whether or not it is explicitly set.
- Adding this setting does not require a TIM restart.
- If this parameter is not found in the TIM settings, the default is to disable any processing of TLS 1.1/1.2. When DisableTLS11And12RecordsProcessing is added to the TIM settings, these values apply:
  - DisableTLS11And12RecordsProcessing = 1 disables processing of TLS 1.1/1.2.
  - DisableTLS11And12RecordsProcessing = 0 enables processing of TLS 1.1/1.2.
- So, DisableTLS11And12RecordsProcessing=1 (the default) means no TLS 1.1 decoding is done. Otherwise, DisableTLS11And12RecordsProcessing=0 means that you want to decode TLS 1.1/1.2 records. This is the recommended setting in most cases, since modern browsers enable TLS 1.1/1.2 by default.
- If you have an APM 9.x release with the hotfix, or APM 10, don't forget to set DisableTLS11And12RecordsProcessing to 0. Otherwise you will never see TLS 1.1/1.2 decoding.
- Also note that enabling TLS 1.1/1.2 processing with this parameter will increase the load on the TIM, including CPU and memory.
1. What does the TIM log message "Warning: w15: sslinterface: network_process_packet: error 7 (bad data)... ignoring further data" mean?
2. APM Support for TLS 1.1/1.2 -- http://www.ca.com/us/support/ca-support-online/product-content/knowledgebase-articles/tec614225.aspx