TIM Unable to decode TLS_RSA_WITH_AES_128_GCM_SHA256 SSL Cipher Suite.

Document ID : KB000031693
Last Modified Date : 14/02/2018
 

Question:

 

I have an HTTPS application that I am trying to monitor with APM CE (CEM) TIM. It is using the TLS_RSA_WITH_AES_128_GCM_SHA256 cipher suite and the TIM is unable to decode the SSL traffic. Why is this?

 

Answer:

This cipher suite is not supported. If it is used, the TIM log shows errors like the following:

Mon Sep  7 15:36:05 2015 28051 ! Warning: w7: sslprint: Unknown CipherSuite - 156
Mon Sep  7 15:36:05 2015 28042 ! Warning: w4: sslprint: Unknown CipherSuite - 156
Mon Sep  7 15:36:05 2015 28051 ! Warning: w7: sslinterface: network_process_packet: error 10 (unsupported ciphersuite), conn 49088, packet 8839295,

 

The TIM listens passively to traffic from the switch. To decode SSL traffic, it must support SSL ciphers whose content it can decrypt based on the private key. This cipher suite, however, uses authenticated encryption (AEAD), which requires support for additional authentication tags during decryption. For now, consider using another, supported cipher suite instead.
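The number in the "Unknown CipherSuite" warning is the decimal IANA code point of the negotiated suite (156 = 0x009C). The script below is an added example, not CA-provided code: it scans TIM log text for these warnings and names any suite defined in RFC 5288. The log layout is inferred from the excerpt above, and the function name, the field names and the last sample record are assumptions made for illustration.

```python
import re

# IANA code points assigned by RFC 5288 (AES-GCM suites for TLS 1.2).
RFC5288_SUITES = {
    0x009C: "TLS_RSA_WITH_AES_128_GCM_SHA256",
    0x009D: "TLS_RSA_WITH_AES_256_GCM_SHA384",
    0x009E: "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256",
    0x009F: "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384",
    0x00A0: "TLS_DH_RSA_WITH_AES_128_GCM_SHA256",
    0x00A1: "TLS_DH_RSA_WITH_AES_256_GCM_SHA384",
    0x00A2: "TLS_DHE_DSS_WITH_AES_128_GCM_SHA256",
    0x00A3: "TLS_DHE_DSS_WITH_AES_256_GCM_SHA384",
    0x00A4: "TLS_DH_DSS_WITH_AES_128_GCM_SHA256",
    0x00A5: "TLS_DH_DSS_WITH_AES_256_GCM_SHA384",
    0x00A6: "TLS_DH_anon_WITH_AES_128_GCM_SHA256",
    0x00A7: "TLS_DH_anon_WITH_AES_256_GCM_SHA384",
}

# \s+ between tokens tolerates records that were wrapped mid-message.
UNKNOWN_SUITE = re.compile(
    r"Warning:\s+(w\d+):\s+sslprint:\s+Unknown\s+CipherSuite\s+-\s+(\d+)")

# The first two records come from the excerpt above; the last is constructed.
SAMPLE_LOG = """\
Mon Sep  7 15:36:05 2015 28051 ! Warning: w7: sslprint: Unknown
CipherSuite - 156
Mon Sep  7 15:36:05 2015 28042 ! Warning: w4: sslprint: Unknown CipherSuite - 156
Mon Sep  7 15:36:09 2015 28042 ! Warning: w4: sslprint: Unknown CipherSuite - 159
"""

def summarize_unknown_suites(log_text):
    """Map each unknown suite code in the log to its name, hit count and wN tags."""
    summary = {}
    for tag, raw_code in UNKNOWN_SUITE.findall(log_text):
        code = int(raw_code)
        entry = summary.setdefault(code, {
            "hex": f"0x{code:04X}",
            "name": RFC5288_SUITES.get(code, "unlisted (not an RFC 5288 suite)"),
            "aead_gcm": code in RFC5288_SUITES,
            "count": 0,
            "tags": set(),
        })
        entry["count"] += 1
        entry["tags"].add(tag)
    return summary

if __name__ == "__main__":
    for code, e in sorted(summarize_unknown_suites(SAMPLE_LOG).items()):
        print(code, e["hex"], e["name"], e["count"], sorted(e["tags"]))
```

Codes reported as unlisted fall outside RFC 5288 and need to be looked up in the IANA TLS cipher suite registry.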

 

Additional Information:

 

More detail on supported cipher suites can be found in the following KB: http://www.ca.com/us/support/ca-support-online/product-content/knowledgebase-articles/tec1667615.aspx

The official GCM cipher suite specification is RFC 5288: https://tools.ietf.org/html/rfc5288