Hi,
I have came across the same issue in CEM using CA APM 9.7.
After investigating this issue and discovering that TLS 1.1 and 1.2 decryption was not supported, I requested for a hot fix to be made available. As the TLS 1.1,1.2 protocol has been around since 2008, I felt it was not exceptionable that CA had not provided a solution.
Anyway in the end, they supplied a hotfix that had been created previously for other clients that had come across this before.
My suggestion would be to create a CA Support case, upload the TIM log files with the TLS 1.1,1.2 errors and also do a packet capture and upload the .pcap files so that support can verify the amount and type of traffic for SSL. This will give support an understanding if the hotfix will work in your scenario.
Good luck.