Question:  

A customer has a large amount of SSL decode failures. In their case, TIM SSL server statistics since 12 A.M. Monday show 229,624 connections with 16,672 decode failures (7%) and zero for unsupported cipher suites.  They want to know if there can be any connections with zero decode errors?

Answer: 

Given that decode failures can be caused while the packet is moving through the network, due to ssl cipher suites, dirty traffic, empty TCP packets, and other situations, 7% is not beyond a normal expectation.  It would be unexpected to ever see zero unless the network is underutilized.