I have an HTTPS application that I am trying to monitor with APM CE (CEM) TIM. It is using the TLS_RSA_WITH_AES_128_GCM_SHA256 cipher suite and the TIM is unable to decode the SSL traffic. Why is this?
This cipher suite is not supported. If it is used, the TIM log shows errors like the following:
Mon Sep 7 15:36:05 2015 28051 ! Warning: w7: sslprint: Unknown CipherSuite - 156
Mon Sep 7 15:36:05 2015 28042 ! Warning: w4: sslprint: Unknown CipherSuite - 156
Mon Sep 7 15:36:05 2015 28051 ! Warning: w7: sslinterface: network_process_packet: error 10 (unsupported ciphersuite), conn 49088, packet 8839295,
The TIM passively listens to traffic from the switch. To decode SSL traffic, it must support the cipher suite in use and be able to decrypt the content based on the private key. This cipher suite, however, uses authenticated encryption (AEAD), which requires support for additional authentication tags during decryption. For now, consider using another, supported cipher suite instead.
More detail on supported cipher suites can be found in the following KB article: http://www.ca.com/us/support/ca-support-online/product-content/knowledgebase-articles/tec1667615.aspx
The official GCM cipher suite specification: https://tools.ietf.org/html/rfc5288
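To see which suites a TIM is rejecting, the following Python script scans TIM log text for the warnings shown above, tolerates wrapped lines, and maps each decimal CipherSuite ID to its RFC 5288 name (156 is 0x009C, TLS_RSA_WITH_AES_128_GCM_SHA256). It is an added example, not part of the original article or the product's tooling; the function and variable names are assumptions, and its table covers only the RFC 5288 GCM suites.

```python
import re
from collections import Counter

# AES-GCM suites from RFC 5288, keyed by the decimal ID the TIM log prints.
# They occupy 0x009C..0x00A7, alternating AES-128/SHA256 and AES-256/SHA384.
KEY_EXCHANGES = ["RSA", "DHE_RSA", "DH_RSA", "DHE_DSS", "DH_DSS", "DH_anon"]
RFC5288_GCM = {}
for i, kx in enumerate(KEY_EXCHANGES):
    RFC5288_GCM[0x9C + 2 * i] = f"TLS_{kx}_WITH_AES_128_GCM_SHA256"
    RFC5288_GCM[0x9D + 2 * i] = f"TLS_{kx}_WITH_AES_256_GCM_SHA384"

# Patterns follow the log excerpt on this page. \s+ between tokens lets them
# match even when a log entry has been wrapped across lines.
UNKNOWN_RE = re.compile(
    r"Warning:\s+(w\d+):\s+sslprint:\s+Unknown\s+CipherSuite\s+-\s+(\d+)")
ERROR_RE = re.compile(
    r"error\s+10\s+\(unsupported\s+ciphersuite\),\s+conn\s+(\d+)")

def summarize(log_text):
    """Return (per-suite report, sorted connection IDs that hit error 10)."""
    hits, workers = Counter(), {}
    for worker, dec in UNKNOWN_RE.findall(log_text):
        sid = int(dec)
        hits[sid] += 1
        workers.setdefault(sid, set()).add(worker)
    report = [
        {
            "id": sid,
            "hex": f"0x{sid:04X}",
            "name": RFC5288_GCM.get(sid, "not in RFC 5288 table"),
            "aead_gcm": sid in RFC5288_GCM,
            "hits": count,
            "workers": sorted(workers[sid]),
        }
        for sid, count in sorted(hits.items())
    ]
    conns = sorted({int(c) for c in ERROR_RE.findall(log_text)})
    return report, conns

# Log excerpt from this page, deliberately left wrapped as it was pasted.
SAMPLE = """Mon Sep 7 15:36:05 2015 28051 ! Warning: w7: sslprint: Unknown
CipherSuite - 156 Mon Sep 7 15:36:05 2015 28042 ! Warning: w4:
sslprint: Unknown CipherSuite - 156 Mon Sep 7 15:36:05 2015 28051 !
Warning: w7: sslinterface: network_process_packet: error 10
(unsupported ciphersuite), conn 49088, packet 8839295,
"""

if __name__ == "__main__":
    suite_report, affected = summarize(SAMPLE)
    for row in suite_report:
        print(row)
    print("affected connections:", affected)
```

Any suite reported with `aead_gcm` set to true is one the application's TLS configuration would need to stop preferring for the TIM to decode that traffic.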