The "TIM SSL Servers" page shows about 90% of "Connections with decode failures" out of "Total connections", and more than half of them are "Unsupported cipher suites". 

<Please see attached file for image>

  The TIM log ("timlog.txt") shows repeated warning messages like the one below:

  3587 ! Warning: w20: sslinterface: network_process_packet: error 10 (unsupported ciphersuite), conn 277107, packet 60792088, [<ip_address>]:39919->[<ip_address>]:443; ignoring further data

 

DH/DHE (Diffie-Hellman) cipher suites are not supported by TIM.

Web Server is running on WIN2012 R2. APM/TIM 10.0 installed. TIM is not on a MTP.

  Any DH/DHE (Diffie-Hellman) cipher suites should be taken out of cipher suites configuration on the Web Server, so that packets containing those cipher suites do not get forwarded  to TIM. 

  * Cipher Suites configuration on the web server.

Initially:

<Please see attached file for image>

src="/servlet/servlet.FileDownload?file=0150c000004AK3LAAW" alt="image001_6.png" width="817" height="501">

After DH/DHE cipher suites were removed:

<Please see attached file for image>

src="/servlet/servlet.FileDownload?file=0150c000004AK3MAAW" alt="image002_1.png" width="787" height="469">

 After the above change is made (mainly in the "SSL Cipher Suite Order" section), there are no longer "Unsupported cipher suites" messages.

 TEC1667615: Which Cipher Suites are supported CEM/TIM for decoding SSL hosted applications and how can I check those against the Ciphers installed on my web servers?