Four things to investigate before opening an APM TIM SSL/TLS Case.

Document ID : KB000010872
Last Modified Date : 14/02/2018

This is a knowledge doc based on 

All supported APM CEM TIM releases

Here are four questions to help you eliminate common network and TIM issues associated with SSL/TLS:


Question #1: Are there issues with my network setup?
Very often, network and SSL issues are interrelated. If the network traffic is one-way, filtered out, made up of empty or small packets, or contains dropped and out-of-order packets, then SSL traffic may not appear correctly or at all.


See below for possible next steps: SSL Decode failures -- Why can't I record? -- Private keys



Question #2: Are my private key and passphrase in order?
Often, APM admins are given private keys by their web server, firewall, and load balancer admins. However, they must trust that they received the right key in the correct format with the correct passphrase (including whether it is in upper, lower, or mixed case). This may not be the case. To verify, compare the modulus of the certificate from the server with the modulus of the private key that you were given. See How do I verify that a private key matches a certificate? (OpenSSL).
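The modulus comparison described above can be scripted as follows. This is an added example, not part of the original document or of any CA tooling; the function name and return codes are assumptions made here, and it applies to RSA keys only.

```shell
#!/bin/sh
# Added example: verify that an RSA private key belongs to a certificate
# by comparing the modulus of each, and confirm the passphrase opens the key.
# The function name and return codes are illustrative choices.
#
# Usage: check_key_pair CERT_PEM KEY_PEM [PASSPHRASE]
# Returns: 0 = key matches certificate
#          1 = both files readable, but the moduli differ (wrong key)
#          2 = certificate could not be read
#          3 = key could not be read (wrong format or wrong passphrase;
#              passphrases are case-sensitive)
check_key_pair() {
    # Modulus of the public key embedded in the certificate.
    cert_mod=$(openssl x509 -noout -modulus -in "$1" 2>/dev/null) || return 2

    # Modulus of the private key. The passphrase is handed over through an
    # environment variable so it does not show up in the process list.
    # For an unencrypted key the passphrase is simply ignored.
    key_mod=$(KEY_PASS="${3-}" openssl rsa -noout -modulus -in "$2" \
                  -passin env:KEY_PASS 2>/dev/null) || return 3

    # Both outputs have the form "Modulus=<hex>"; they must be identical.
    [ -n "$cert_mod" ] && [ "$cert_mod" = "$key_mod" ] || return 1
    return 0
}
```

A return code of 3 points at the key file or passphrase itself, while 1 means the key opened correctly but belongs to a different certificate.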


Question #3: Am I using a supported TLS ciphersuite or TLS extension/feature?
If you get an unsupported cipher suite message in the TIM log, compare the ciphersuite number against a list such as learn more about the specific ciphersuite. 


Also see for further details: Supported TLS cipher suites -- Master secret -- SSL session ticket


Question #4: Am I using TLS 1.1/1.2? 
Your application may use TLS 1.1/1.2. APM TIM supports this feature with all current releases, but people sometimes forget to explicitly set DisableTLS11And12RecordsProcessing to 0 (Enable). Note that by default this is implicitly set to 1 (Disable).


Next steps

Having gone through these four questions, you know that you are not having common networking and SSL issues. At this point, it is likely time to open a case, providing such items as an HTTP/HTTPS trace (pcap, Fiddler trace, or equivalent) and a TIM log with the SSL, HTTP Components/Parameters, and networking addresses trace settings enabled. Ideally, both should be captured at the same time so that events can be correlated.