Problem:

After upgrading to APM 10.x to get the TLS 1.1 & 1.2 support for the TIM the TLS 1.1 transactions are being recorded successfully, but the TLS 1.2 transactions are not. Is TLS 1.2 still not supported with APM 10.x?

Cause:

Make these changes to get timlog*.txt files for analysis:

1. "Configure Tim Settings" and set MaxLogSizeInMB to 200 

2. "Configure Tim Trace Options" and set 3 options: "Trace HTTP components", "Trace connections" , "Trace SSL errors" 

The logs showed this type of Warning for TLS 1.2 transactions and unknown ciphersuites 156 and 157:

===

Trace: w11: Version: TLS 1.2 CipherSuite - Unknown (157) [xxx.xxx.xxx.xxx.]:49876->[yyy.yyy.yyy.yyy.]:443 

! Warning: w11: sslprint: Unknown CipherSuite - 157 

! Warning: w11: sslinterface: network_process_packet: error 10 (unsupported ciphersuite), conn 13700999, packet 1542659108, [xxx.xxx.xxx.xxx.]:49876->[yyy.yyy.yyy.yyy.]:443 ; ignoring further data 

===

The corresponding ciphersuites for values 156 & 157 can be determined from the TLS Cipher Suite Registry

156 (0x9C) and 157(0x9D) are the 2 GCM ciphers TLS_RSA_WITH_AES_128_GCM_SHA256  & TLS_RSA_WITH_AES_256_GCM_SHA384 

GCM ciphersuites are not supported by TIM

Resolution:

Disable the GCM ciphersuites on the web server to prevent the browser <-> web-server SSL handshake from using them.

Additional Information:

TEC1173225: There is additional support for TLS 1.1/1.2 in APM TIM 10.x and 9.6/9.7 Hot Fixes, but what are their supported ciphersuites

TEC1667615: Which Cipher Suites are supported CEM/TIM for decoding SSL hosted applications and how can I check those against the Ciphers installed on my web servers?