search cancel

The CA APM TIM log is showing "TLS 1.2 CipherSuite - Unknown (49200)" but how do I find the name of the unsupported ciphersuite to disable in my web server.

book

Article ID: 42162

calendar_today

Updated On:

Products

CA Application Performance Management Agent (APM / Wily / Introscope) INTROSCOPE

Issue/Introduction



With "Trace SSl Errors" enabled for CA APM TIM tracing, the TIM log is showing "TLS 1.2 CipherSuite - Unknown (49200)". How do I find the name of the unsupported cipher suite to disable in my web server to allow TIM to process the packets.

Environment

Release: CEMUGD00200-9.7-Introscope to CA Application-Performance Management-Upgrade Main
Component:

Resolution

CA APM TIM does not support certain ciphersuites which may be displayed with numeric identifier instead of a name.
The TLS Cipher Suite Registry can be used to look up the ciphersuite name e.g.

49200 is hex value 0xC030 and corresponds to ciphersuite TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384

Diffie-Hellman/Elliptic Curve Diffie-Hellman and GCM ciphers are not supported by TIM

Additional Information

See related KB article: 

Which Cipher Suites are supported by CA APM CEM/TIM for decoding SSL hosted applications and how can I check those against the Ciphers installed on my web servers?