There is additional support for TLS 1.1/1.2 in APM TIM 10.x and 9.6/9.7 Hot Fixes, but what are their supported ciphersuites.

Document ID : KB000057305
Last Modified Date : 14/02/2018
Show Technical Document Details

Question:

There is additional support for TLS 1.1/1.2 in APM TIM 10.x and 9.6/9.7 Hot Fixes, but what ciphersuites does the TIM support for those new TLS versions.

 

Answer:

The required changes to support TLS 1.1/1.2 have been embedded in the TIM/ssldump programs/libraries themselves and do no rely on the OpenSSL version installed being able to support TLS 1.1/1.2 (OpenSSL 1.0.1 +)

There is no specific list of supported ciphers for the TIM and it should be able to support all ciphers except for these: 

  • DH/DHE (Diffie-Hellman) 
  • Camellia 
  • GCM/AEAD

 

Additional Information:

If you are using supported ciphers in your TLS 1.2 environment and TIM is still failing to decrypt the packets ("Tim SSL Server Status" page shows decode failures) please raise a case with Support to enable analysis of a packet capture file (pcap) to determine the root cause.