After upgrading to APM 10.x to get the TLS 1.1 & 1.2 support for the TIM the TLS 1.1 transactions are being recorded successfully, but the TLS 1.2 transactions are not. Is TLS 1.2 still not supported with APM 10.x?
Make these changes to get timlog*.txt files for analysis:
1. "Configure Tim Settings" and set MaxLogSizeInMB to 200
2. "Configure Tim Trace Options" and set 3 options: "Trace HTTP components", "Trace connections" , "Trace SSL errors"
The logs showed this type of Warning for TLS 1.2 transactions and unknown ciphersuites 156 and 157:
Trace: w11: Version: TLS 1.2 CipherSuite - Unknown (157) [xxx.xxx.xxx.xxx.]:49876->[yyy.yyy.yyy.yyy.]:443
! Warning: w11: sslprint: Unknown CipherSuite - 157
! Warning: w11: sslinterface: network_process_packet: error 10 (unsupported ciphersuite), conn 13700999, packet 1542659108, [xxx.xxx.xxx.xxx.]:49876->[yyy.yyy.yyy.yyy.]:443 ; ignoring further data
The corresponding ciphersuites for values 156 & 157 can be determined from the TLS Cipher Suite Registry
156 (0x9C) and 157(0x9D) are the 2 GCM ciphers TLS_RSA_WITH_AES_128_GCM_SHA256 & TLS_RSA_WITH_AES_256_GCM_SHA384
GCM ciphersuites are not supported by TIM
Disable the GCM ciphersuites on the web server to prevent the browser <-> web-server SSL handshake from using them.