TIM shows SSL decode failures for TLS 1.x packets which use extension "Extended Master Secret" & TIM log contains message "Block size greater than Plaintext!"

Document ID : KB000005473
Last Modified Date : 14/02/2018

The TIM is showing SSL decode failures for TLS 1.x traffic which has the "Extended Master Secret" TLS extension enabled. Research shows:

APM TIM 9.x, 10.x

The TIM does not support the Extended Master Secret (EMS) extension. EMS is typically enabled in one of the following setups:

1. Microsoft IIS web servers are being used and Microsoft security update 3081320 has been applied, which enables the Extended Master Secret extension for all TLS versions: Microsoft Security Bulletin MS15-121 - Important: Security Update for Schannel to Address Spoofing (3081320)

2. An F5 Load Balancer is being used which has Extended Master Secret enabled.


To work around the problem, Extended Master Secret needs to be disabled:

1. The security update 3081320 needs to be uninstalled or disabled via a registry update: MS15-121: Security update for Schannel to address spoofing: November 10, 2015

2. Disable Extended Master Secret on the F5 Load Balancer: AskF5 K66202244: Support for RFC 7627 extended master secret extension
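
To confirm from a packet capture whether a server still negotiates EMS, the hello messages can be checked for the extended_master_secret extension (type 0x0017, RFC 7627). The following is an added example, not code from the TIM or the vendor; the function names and the sample ServerHello record are constructed for illustration.

```python
import struct

EXT_EMS = 0x0017  # extended_master_secret extension type (RFC 7627)

def hello_extensions(record: bytes) -> list:
    """Return the extension type codes in a ClientHello/ServerHello TLS record."""
    if len(record) < 9 or record[0] != 0x16:
        raise ValueError("not a TLS handshake record")
    body = record[5:5 + struct.unpack("!H", record[3:5])[0]]
    hs_type = body[0]
    if hs_type not in (1, 2):                      # 1 = ClientHello, 2 = ServerHello
        raise ValueError("not a ClientHello or ServerHello")
    msg = body[4:4 + int.from_bytes(body[1:4], "big")]
    try:
        pos = 2 + 32                               # skip version and random
        pos += 1 + msg[pos]                        # session_id
        if hs_type == 1:
            pos += 2 + int.from_bytes(msg[pos:pos + 2], "big")  # cipher_suites
            pos += 1 + msg[pos]                    # compression_methods
        else:
            pos += 3                               # chosen cipher suite + compression
    except IndexError:
        raise ValueError("truncated hello message")
    if pos + 2 > len(msg):
        return []                                  # hello carries no extensions block
    end = min(len(msg), pos + 2 + int.from_bytes(msg[pos:pos + 2], "big"))
    pos, types = pos + 2, []
    while pos + 4 <= end:
        ext_type, ext_len = struct.unpack("!HH", msg[pos:pos + 4])
        types.append(ext_type)
        pos += 4 + ext_len
    return types

def negotiates_ems(record: bytes) -> bool:
    """True when the hello record lists the extended_master_secret extension."""
    return EXT_EMS in hello_extensions(record)

def sample_server_hello(ext_types) -> bytes:
    """Constructed TLS 1.2 ServerHello (zeroed random, empty-bodied extensions)."""
    exts = b"".join(struct.pack("!HH", t, 0) for t in ext_types)
    msg = b"\x03\x03" + bytes(32) + b"\x00" + b"\xc0\x2f" + b"\x00"
    if exts:
        msg += struct.pack("!H", len(exts)) + exts
    hs = b"\x02" + len(msg).to_bytes(3, "big") + msg
    return b"\x16\x03\x03" + struct.pack("!H", len(hs)) + hs

if __name__ == "__main__":
    for exts in ([0x0023, 0x0017], [0x0023]):      # session_ticket with/without EMS
        print(exts, "EMS negotiated:", negotiates_ems(sample_server_hello(exts)))
```

A ServerHello only echoes the extension when the client offered it, so a ServerHello without type 0x0017 means the session uses the standard master secret derivation.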

Additional Information:

A new platform is being developed for the TIM which will be more flexible and will allow the option of receiving unencrypted data directly from the web servers via a plugin extension. The first release will be tentatively available at the end of calendar year 2017.