The CA APM TIM log is showing "TLS 1.2 CipherSuite - Unknown (49200)" but how do I find the name of the unsupported ciphersuite to disable in my web server.

Document ID : KB000042162
Last Modified Date : 23/07/2018
Show Technical Document Details
Question:

With "Trace SSl Errors" enabled for CA APM TIM tracing, the TIM log is showing "TLS 1.2 CipherSuite - Unknown (49200)". How do I find the name of the unsupported cipher suite to disable in my web server to allow TIM to process the packets.

Answer:

CA APM TIM does not support certain ciphersuites which may be displayed with numeric identifier instead of a name.
The TLS Cipher Suite Registry can be used to look up the ciphersuite name e.g.

49200 is hex value 0xC030 and corresponds to ciphersuite TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384

Diffie-Hellman/Elliptic Curve Diffie-Hellman and GCM ciphers are not supported by TIM

Additional Information: