search cancel

Getting a high percentage rate of SSL decode failures and "Unknown cipher suite" error messages in the TIM log.


Article ID: 4098


Updated On:


CA Application Performance Management Agent (APM / Wily / Introscope) INTROSCOPE


 The "TIM SSL Servers" page shows about 90% of "Connections with decode failures" out of "Total connections", and more than half of them are "Unsupported cipher suites". 

<Please see attached file for image>


  The TIM log ("timlog.txt") shows repeated warning messages like the one below:

  3587 ! Warning: w20: sslinterface: network_process_packet: error 10 (unsupported ciphersuite), conn 277107, packet 60792088, [<ip_address>]:39919->[<ip_address>]:443; ignoring further data



Web Server is running on WIN2012 R2. APM/TIM 10.0 installed. TIM is not on a MTP.


DH/DHE (Diffie-Hellman) cipher suites are not supported by TIM.


  Any DH/DHE (Diffie-Hellman) cipher suites should be taken out of cipher suites configuration on the Web Server, so that packets containing those cipher suites do not get forwarded  to TIM. 

  * Cipher Suites configuration on the web server.


<Please see attached file for image>

src="/servlet/servlet.FileDownload?file=0150c000004AK3LAAW" alt="image001_6.png" width="817" height="501">

After DH/DHE cipher suites were removed:

<Please see attached file for image>

src="/servlet/servlet.FileDownload?file=0150c000004AK3MAAW" alt="image002_1.png" width="787" height="469">

 After the above change is made (mainly in the "SSL Cipher Suite Order" section), there are no longer "Unsupported cipher suites" messages.

Additional Information

 TEC1667615: Which Cipher Suites are supported CEM/TIM for decoding SSL hosted applications and how can I check those against the Ciphers installed on my web servers?


1558708521731000004098_sktwi1f5rjvs16r3x.png get_app
1558708519619000004098_sktwi1f5rjvs16r3w.png get_app
1558708517550000004098_sktwi1f5rjvs16r3v.png get_app