Which Cipher Suites are supported by CA APM CEM/TIM for decoding SSL hosted applications and how can I check those against the Ciphers installed on my web servers?

Document ID : KB000031391
Last Modified Date : 16/07/2018
Show Technical Document Details

1. Which Cipher Suites are supported CEM/TIM for decoding SSL hosted applications?

2. How can I check those against the Ciphers installed on my web servers?


1. CEM supports the following algorithms for the symmetrical encryption of data: DES, Triple DES, RC4, RC2, and AES. Both U.S.-exportable and non-U.S.-exportable versions of all supported symmetrical ciphers are supported. All ciphers provided with the installed TIM openssl library are supported except these:

  • DH or DHE ciphers (Diffie-Hellman)
  • Camellia
  • TLS-PSK (Wikipedia: TLS-PSK)   (Added July 2016)

2. The following public GitHub link contains a script apm-interact.sh which has a CIPHER option: CA-APM/fieldpack.apm-scripts
That checks the installed cipher suites on the current device against a remote web server hostname and port number. If a match is found then it will report a success, otherwise a failure will be registered. At the end of the Check, a logfile will be created separating supported ciphers with non supported ciphers by the remote web server. If the script is executed from the TIM, the compatible ciphers of the openssl library used by the TIM will be checked against the openssl library (or similar) of the provided remote web server.


Additional Information:
Acknowledgement to Joerg Mertin (CA APM Engineering Services) for providing this information and the scripts.
A copy of the check_ciphers.sh script with full instructions is also attached to this article.
File Attachments: