Check the trace for the
supported algorithms and if you using the correct cipher then check the trace for "Extension: Unknown 23".
It indicates the client is using:
"RFC7627 Extended Master Secret Extension"
In the example below the correct cipher suite is supported but the extension is causing the issue:
Bug 256783 - [AppResponse] -WTA SSL decoding support for Extended Master Secret Extension (RFC7627) was logged for this issue and is resolved in AR11 version 11.9.0 and onwards.