Document ID: TEC596473
Last Modified Date: 7/31/2013
Authored By: Amir-Mushtaq
- CA Application Performance Management
- CUSTOMER EXPERIENCE MANAGER
Description:The following warnings are coming up on the TIM log after enabling SSL tracing.Warning: sslprint: Unsupported CipherSuite - 57 (TLS_DHE_RSA_WITH_AES_256_CBC_SHA)
Warning: sslinterface: network_process_packet: error 10 (unsupported ciphersuite), conn 11745060, packet 187519287, [<IPAddress>]:20843->[<IPAddress>]:2221; ignoring further dataPlease explain what could be the possible reason for these warning messages..
Solution:TIM is designed for passive decryption, but Diffie-Hellman is designed so that passive decryption is impossible.
There are a couple of known Cipher Suites which TIM cannot decode.
- Any of the Diffie Hellman suites TLS_DH or TLS_DHE ones) e.g.
- TLS_RSA based ciphersuites which use DES or 3 DES for e.g
The warning message in the TIM log is simply indicating that the cipher suite is not supported.
Using this ciphersuite should not impact TIM performance.
If it is important to decode the application traffic, consult with your application server team to use another ciphersuite.
TIM uses the ssldecode library for its SSL decoding process. The following ciphers are supported by TIM based on testing: