DX Application Performance Management

Expand all | Collapse all

The CEM of the new version of APM (9.6) have support too TLS 1.1 and 1.2?

Jump to Best Answer
  • 1.  The CEM of the new version of APM (9.6) have support too TLS 1.1 and 1.2?

    Posted 07-14-2014 02:32 PM

    I need to know if the new version of APM came with support to TLS 1.1 and 1.2 protocol!

     

    Thanks,

    Diego Lacerda



  • 2.  Re: The CEM of the new version of APM (9.6) have support too TLS 1.1 and 1.2?

    Posted 07-17-2014 01:10 AM

    I dont think it was supported in 9.6. I was testing 9.6 TIM as software with Big IP Clone Pools in Non-Prod Env and saw the TLS 1.1/1.2 unsupported messages in Tim logs.

     

    Thu Jul 17 00:56:07 2014  8670 ! Warning: sslinterface: network_process_packet: error 11 (unsupported TLS 1.1/1.2 records), conn 100696, packet 135204, [x.x.x.x]:28094->[x.x.x.x]:443; ignoring further data

    Thu Jul 17 00:56:07 2014  8670 ! Warning: sslinterface: network_process_packet: error 11 (unsupported TLS 1.1/1.2 records), conn 100697, packet 135205, [x.x.x.x]:28095->[x.x.x.x]:443; ignoring further data



  • 3.  Re: The CEM of the new version of APM (9.6) have support too TLS 1.1 and 1.2?

    Posted 04-22-2015 02:26 PM

    Any more information and or options I am having this same issue...

    Thanx



  • 4.  Re: The CEM of the new version of APM (9.6) have support too TLS 1.1 and 1.2?
    Best Answer

    Broadcom Employee
    Posted 04-22-2015 05:10 PM

    All:

    TLS 1.1/1.2 1.2 is new functionality and is slated for 9.8 last that I heard.   New functionality is not traditionally back ported into GA releases; there are heavy testing costs that divert focus from the building of new and innovative functionality.  However some earlier releases may have that functionality. You may open a support case to see if you apply. A PCAP file may be needed as part of the analysis.

     

    Thanks

    Hal German

    APM Support



  • 5.  Re: The CEM of the new version of APM (9.6) have support too TLS 1.1 and 1.2?

    Posted 04-22-2015 05:59 PM

    Hi,

     

    I have came across the same issue in CEM using CA APM 9.7.

     

    After investigating this issue and discovering that TLS 1.1 and 1.2 decryption was not supported, I requested for a hot fix to be made available.  As the TLS 1.1,1.2 protocol has been around since 2008, I felt it was not exceptionable that CA had not provided a solution.

     

    Anyway in the end, they supplied a hotfix that had been created previously for other clients that had come across this before.

     

    My suggestion would be to create a CA Support case, upload the TIM log files with the TLS 1.1,1.2 errors and also do a packet capture and upload the .pcap files so that support can verify the amount and type of traffic for SSL.  This will give support an understanding if the hotfix will work in your scenario.

     

    Good luck.



  • 6.  Re: The CEM of the new version of APM (9.6) have support too TLS 1.1 and 1.2?

    Posted 04-22-2015 06:46 PM

    Thanks, the CA gave to me the patch

     

    Att.

     

    Diego Lacerda

    Analista de Desenvolvimento

    (81) 8116-7676

     

    Em 22/04/2015 19:38, BenMunn <communityadmin@communities-mail.ca.com> escreveu:

    CA Communities <https://communities.ca.com/?et=watches.email.thread>

     

    The CEM of the new version of APM (9.6) have support too TLS 1.1 and 1.2?

     

    reply from BenMunn<https://communities.ca.com/people/BenMunn?et=watches.email.thread> in CA APM - View the full discussion<https://communities.ca.com/message/241787603?et=watches.email.thread#241787603>



  • 7.  Re: The CEM of the new version of APM (9.6) have support too TLS 1.1 and 1.2?

    Posted 08-27-2015 10:15 AM

    I have APM 9.5.3 with TIM 9.6.x and have requested this hotfix so we can use TLS 1.1 and 1.2. Let's hope they give me the fix sooner BenMunn diego.lacerda Hallett_German Hallett German



  • 8.  Re: The CEM of the new version of APM (9.6) have support too TLS 1.1 and 1.2?

    Broadcom Employee
    Posted 08-27-2015 11:17 AM

    Supplying a TIM log and pcap from the same timeframe will speed things along to see if you are enabled for this new functionality.