The "TIM SSL Servers" page shows about 90% of "Connections with decode failures" out of "Total connections", and more than half of them are "Unsupported cipher suites".
<Please see attached file for image>
The TIM log ("timlog.txt") shows repeated warning messages like the one below:
3587 ! Warning: w20: sslinterface: network_process_packet: error 10 (unsupported ciphersuite), conn 277107, packet 60792088, [<ip_address>]:39919->[<ip_address>]:443; ignoring further data
DH/DHE (Diffie-Hellman) cipher suites are not supported by TIM.
Any DH/DHE (Diffie-Hellman) cipher suites should be taken out of cipher suites configuration on the Web Server, so that packets containing those cipher suites do not get forwarded to TIM.
* Cipher Suites configuration on the web server.
Initially:
<Please see attached file for image>
src="/servlet/servlet.FileDownload?file=0150c000004AK3LAAW" alt="image001_6.png" width="817" height="501">After DH/DHE cipher suites were removed:
<Please see attached file for image>
src="/servlet/servlet.FileDownload?file=0150c000004AK3MAAW" alt="image002_1.png" width="787" height="469">After the above change is made (mainly in the "SSL Cipher Suite Order" section), there are no longer "Unsupported cipher suites" messages.