I need to know if the new version of APM came with support for the TLS 1.1 and 1.2 protocols!
I don't think it was supported in 9.6. I was testing 9.6 TIM as software with Big IP Clone Pools in Non-Prod Env and saw the TLS 1.1/1.2 unsupported messages in TIM logs.
Thu Jul 17 00:56:07 2014 8670 ! Warning: sslinterface: network_process_packet: error 11 (unsupported TLS 1.1/1.2 records), conn 100696, packet 135204, [x.x.x.x]:28094->[x.x.x.x]:443; ignoring further data
Thu Jul 17 00:56:07 2014 8670 ! Warning: sslinterface: network_process_packet: error 11 (unsupported TLS 1.1/1.2 records), conn 100697, packet 135205, [x.x.x.x]:28095->[x.x.x.x]:443; ignoring further data
Any more information and/or options? I am having this same issue...
TLS 1.1/1.2 is new functionality and is slated for 9.8, last that I heard. New functionality is not traditionally backported into GA releases; there are heavy testing costs that divert focus from the building of new and innovative functionality. However, some earlier releases may have that functionality. You may open a support case to see if you apply. A PCAP file may be needed as part of the analysis.
I have come across the same issue in CEM using CA APM 9.7.
After investigating this issue and discovering that TLS 1.1 and 1.2 decryption was not supported, I requested that a hotfix be made available. As the TLS 1.1, 1.2 protocol has been around since 2008, I felt it was not exceptionable that CA had not provided a solution.
Anyway, in the end, they supplied a hotfix that had been created previously for other clients that had come across this before.
My suggestion would be to create a CA Support case, upload the TIM log files with the TLS 1.1,1.2 errors and also do a packet capture and upload the .pcap files so that support can verify the amount and type of traffic for SSL. This will give support an understanding if the hotfix will work in your scenario.
Thanks, CA gave me the patch.
Development Analyst
On 22/04/2015 19:38, BenMunn <email@example.com> wrote:
Does the CEM of the new version of APM (9.6) have support for TLS 1.1 and 1.2?
I have APM 9.5.3 with TIM 9.6.x and have requested this hotfix so we can use TLS 1.1 and 1.2. Let's hope they give me the fix sooner.
Supplying a TIM log and pcap from the same timeframe will speed things along to see if you are enabled for this new functionality.
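An added example, not part of the original thread and not CA tooling: a script that summarizes the "unsupported TLS 1.1/1.2 records" warnings in a TIM log (affected connections, server endpoints, time window), so the pcap sent to support can cover the same timeframe. The sample lines are constructed from the log format quoted above, with documentation-range placeholder addresses.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed sample in the TIM log format quoted in this thread
# (addresses are placeholders, the third line is a made-up unrelated entry).
SAMPLE_LOG = """\
Thu Jul 17 00:56:07 2014 8670 ! Warning: sslinterface: network_process_packet: error 11 (unsupported TLS 1.1/1.2 records), conn 100696, packet 135204, [192.0.2.10]:28094->[198.51.100.5]:443; ignoring further data
Thu Jul 17 00:56:09 2014 8670 ! Warning: sslinterface: network_process_packet: error 11 (unsupported TLS 1.1/1.2 records), conn 100697, packet 135205, [192.0.2.11]:28095->[198.51.100.5]:443; ignoring further data
Thu Jul 17 00:57:30 2014 8670 (constructed unrelated line)
Thu Jul 17 00:58:01 2014 8670 ! Warning: sslinterface: network_process_packet: error 11 (unsupported TLS 1.1/1.2 records), conn 100701, packet 135301, [192.0.2.10]:28101->[198.51.100.6]:8443; ignoring further data
"""

# Matches only the warning shown in the thread; other TIM messages are skipped.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3} \w{3} [ \d]\d \d\d:\d\d:\d\d \d{4}) \d+ ! Warning: sslinterface: "
    r"network_process_packet: error (?P<code>\d+) \(unsupported TLS 1\.1/1\.2 records\), "
    r"conn (?P<conn>\d+), packet (?P<packet>\d+), "
    r"\[(?P<src>[^\]]+)\]:(?P<sport>\d+)->\[(?P<dst>[^\]]+)\]:(?P<dport>\d+)"
)
TS_FORMAT = "%a %b %d %H:%M:%S %Y"


def summarize(log_text):
    """Return counts and the time window of unsupported-TLS warnings, or None."""
    hits = [m for m in map(LINE_RE.match, log_text.splitlines()) if m]
    if not hits:
        return None
    times = [datetime.strptime(m["ts"], TS_FORMAT) for m in hits]
    return {
        # Each warning ends monitoring of one connection ("ignoring further data").
        "dropped_connections": len({m["conn"] for m in hits}),
        "first": min(times),
        "last": max(times),
        # Server endpoints whose traffic TIM could not decode.
        "servers": Counter(f'{m["dst"]}:{m["dport"]}' for m in hits),
    }


if __name__ == "__main__":
    result = summarize(SAMPLE_LOG)
    print(f'{result["dropped_connections"]} connections dropped '
          f'between {result["first"]} and {result["last"]}')
    for server, count in result["servers"].most_common():
        print(f"  {server}: {count}")
```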