Thing is - we could use the HotrFixes blind - but that will not mean that these will fix issues.
So far there are hotfix's that address specific issues - like micro-misalignment in the 3way handshake phase, or not crashing on SSL packets with empty payload etc. So in that regard Hal and Lynn are right.
The unsupported cipher tag usually tells us that the used cipher is not compatible with the one in the TIM. So TIM has already identified the traffic type (TLS v1.0/1.2/1.3) etc., but the cipher combination is not correct.
Decode failures usually come from a missing IKE set.
I'm afraid this will require us to actually check the traffic again that is onsite - and will require us to do a health-check of the installation again.
Any chance you could provide us some data using the apm-scripts -> On public github now>
GitHub - CA-APM/fieldpack.apm-scripts: Provides scripts to collect data for troubleshooting an APM 9.x or later installa…
Please get a SYS/TIM and PCAP. A TIMPERF would also be welcome.
Before we can provide you the right HotFix, we need to know which one would actually address the issues you are seeing. But for that we need to know what the issue is.