Issues connecting to *.sophosupd.com "Server did not respond to client hello"

Our Intercept X clients sometimes cannot connect to the Sophos servers at sophosupd.com. XG Firewall shows that the server is not responding: "Server did not respond to client hello".

Servers:
d1.sophosupd.com
d2.sophosupd.com
dci.sophosupd.com

This is only happening where the Sophos server is using TLS 1.3; when the servers use TLS 1.2, it's working.

Any hot tip on this?

Where it works: TLS1.2

SSL/TLS inspection
2021-07-03 09:23:39
messageid="19004" log_type="SSL" log_component="SSL" log_subtype="Do not decrypt" severity="Information" user="" src_ip="xxxxxxx00" dst_ip="184.30.25.172" user_group="" src_country="R1" dst_country="DEU" src_port="49955" dst_port="443" app_name="" app_id="0" category="Software Updates" category_id="68" con_id="1409813312" rule_id="0" profile_id="1" rule_name="System exclusions" profile_name="Maximum compatibility" bitmask="Valid" key_type="KEY_TYPE__RSA" key_param="RSA 2048 bits" fingerprint="57:53:a4:dd:20:2f:fc:86:55:b9:20:37:45:39:d3:83:41:5f:a0:58" resumed="0" cert_chain_served="TRUE" cipher_suite="TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384" sni="d1.sophosupd.com" tls_version="TLS1.2" reason="" exception="" message=""
SSL/TLS inspection
2021-07-03 09:22:45
messageid="19004" log_type="SSL" log_component="SSL" log_subtype="Do not decrypt" severity="Information" user="" src_ip="xxxxxx28" dst_ip="184.30.25.172" user_group="" src_country="R1" dst_country="DEU" src_port="50277" dst_port="443" app_name="" app_id="0" category="Software Updates" category_id="68" con_id="1399071040" rule_id="0" profile_id="1" rule_name="System exclusions" profile_name="Maximum compatibility" bitmask="Valid" key_type="KEY_TYPE__RSA" key_param="RSA 2048 bits" fingerprint="57:53:a4:dd:20:2f:fc:86:55:b9:20:37:45:39:d3:83:41:5f:a0:58" resumed="0" cert_chain_served="TRUE" cipher_suite="TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384" sni="d1.sophosupd.com" tls_version="TLS1.2" reason="" exception="" message=""

Where it does not work: TLS1.3

SSL/TLS inspection
2021-07-03 09:26:00
messageid="19017" log_type="SSL" log_component="SSL" log_subtype="Error" severity="Information" user="" src_ip="xxxxxx23" dst_ip="184.30.25.172" user_group="" src_country="R1" dst_country="DEU" src_port="51224" dst_port="443" app_name="" app_id="0" category="Software Updates" category_id="68" con_id="1400079296" rule_id="0" profile_id="1" rule_name="System exclusions" profile_name="Maximum compatibility" bitmask="" key_type="KEY_TYPE__UNKNOWN" key_param="Unknown" fingerprint="" resumed="0" cert_chain_served="TRUE" cipher_suite="TLS_AES_256_GCM_SHA384" sni="d1.sophosupd.com" tls_version="TLS1.3" reason="Server did not respond to client hello" exception="" message=""
SSL/TLS inspection
2021-07-03 09:24:56
messageid="19017" log_type="SSL" log_component="SSL" log_subtype="Error" severity="Information" user="" src_ip="xxxxx23" dst_ip="184.30.25.172" user_group="" src_country="R1" dst_country="DEU" src_port="51216" dst_port="443" app_name="" app_id="0" category="Software Updates" category_id="68" con_id="2623893888" rule_id="0" profile_id="1" rule_name="System exclusions" profile_name="Maximum compatibility" bitmask="" key_type="KEY_TYPE__UNKNOWN" key_param="Unknown" fingerprint="" resumed="0" cert_chain_served="TRUE" cipher_suite="TLS_AES_256_GCM_SHA384" sni="d1.sophosupd.com" tls_version="TLS1.3" reason="Server did not respond to client hello" exception="" message=""


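The correlation reported above (errors only on TLS 1.3, and on connections already matched by the "System exclusions" rule) can be checked across a full log export. This is an added example, not part of the original post: the sample records are constructed, abbreviated to a subset of the fields in the entries quoted above, and the function names are illustrative.

```python
import re
from collections import Counter, defaultdict

REASON = "Server did not respond to client hello"
PAIR_RE = re.compile(r'(\w+)="([^"]*)"')  # key="value" pairs as in the XG log lines


def _rec(msgid, subtype, dst, cipher, sni, version, reason=""):
    """Build one constructed sample record in the firewall's key="value" layout."""
    return (f'messageid="{msgid}" log_type="SSL" log_subtype="{subtype}" '
            f'dst_ip="{dst}" rule_name="System exclusions" cipher_suite="{cipher}" '
            f'sni="{sni}" tls_version="{version}" reason="{reason}"')


# Constructed sample input; values mirror the entries quoted in the post.
SAMPLE_LOG = "\n".join([
    _rec("19004", "Do not decrypt", "184.30.25.172",
         "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384", "d1.sophosupd.com", "TLS1.2"),
    _rec("19004", "Do not decrypt", "184.30.25.172",
         "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384", "d1.sophosupd.com", "TLS1.2"),
    _rec("19017", "Error", "184.30.25.172", "TLS_AES_256_GCM_SHA384",
         "d1.sophosupd.com", "TLS1.3", REASON),
    _rec("19017", "Error", "2.18.161.158", "TLS_AES_256_GCM_SHA384",
         "d1.sophosupd.com", "TLS1.3", REASON),
    _rec("19017", "Error", "2.18.161.158", "TLS_AES_256_GCM_SHA384",
         "d2.sophosupd.com", "TLS1.3", REASON),
    _rec("19017", "Error", "184.30.25.172", "TLS_AES_256_GCM_SHA384",
         "dci.sophosupd.com", "TLS1.3", REASON),
])


def parse_record(line):
    """Turn one log line into a dict of its key="value" fields."""
    return dict(PAIR_RE.findall(line))


def iter_ssl(text):
    """Yield parsed records that belong to the SSL/TLS inspection log."""
    for line in text.splitlines():
        rec = parse_record(line)
        if rec.get("log_type") == "SSL":
            yield rec


def failures_by_version(text, reason=REASON):
    """Map each TLS version to (records with the given reason, total records)."""
    totals, fails = Counter(), Counter()
    for rec in iter_ssl(text):
        version = rec.get("tls_version") or "unknown"
        totals[version] += 1
        if rec.get("reason") == reason:
            fails[version] += 1
    return {v: (fails[v], totals[v]) for v in sorted(totals)}


def excluded_but_failing(text):
    """Map SNI to destination IPs that hit an exclusion rule yet logged an Error."""
    hits = defaultdict(set)
    for rec in iter_ssl(text):
        if rec.get("log_subtype") == "Error" and "exclusion" in rec.get("rule_name", "").lower():
            hits[rec.get("sni", "")].add(rec.get("dst_ip", ""))
    return {sni: sorted(ips) for sni, ips in sorted(hits.items())}


if __name__ == "__main__":
    print(failures_by_version(SAMPLE_LOG))
    print(excluded_but_failing(SAMPLE_LOG))
```

A split where one TLS version fails on every record and the other never does, with the same SNI and rule on both, points at handshake handling on the path rather than at a missing decryption exclusion.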
  • This has been noticed while trying to install Intercept-X Client for Linux on Ubuntu 20.04.2, which is failing due to this.

    This is what's behind d1.sophosupd.com when the issue is happening: e13687.d.akamaiedge.net

    09:26:00.506163 IP 127.0.0.1.56842 > 127.0.0.53.53: 50388+ [1au] A? d1.sophosupd.com. (45)
    09:26:00.506327 IP xxx.xxx.xxx.23.58774 > xxx.xxx.xxx.235.53: 29976+ [1au] A? d1.sophosupd.com. (45)
    09:26:00.506541 IP 127.0.0.1.56842 > 127.0.0.53.53: 59097+ [1au] AAAA? d1.sophosupd.com. (45)
    09:26:00.506654 IP xxx.xxx.xxx.23.51052 > xxx.xxx.xxx.235.53: 52315+ [1au] AAAA? d1.sophosupd.com. (45)
    09:26:00.511974 IP xxx.xxx.xxx.235.53 > xxx.xxx.xxx.23.58774: 29976 3/0/1 CNAME prod-san-0-dd.sophosdelivery.edgekey.net., CNAME e13687.d.akamaiedge.net., A 184.30.25.172 (149)
    09:26:00.512180 IP 127.0.0.53.53 > 127.0.0.1.56842: 50388 3/0/1 CNAME prod-san-0-dd.sophosdelivery.edgekey.net., CNAME e13687.d.akamaiedge.net., A 184.30.25.172 (149)
    09:26:00.512276 IP xxx.xxx.xxx.235.53 > xxx.xxx.xxx.23.51052: 52315 2/0/1 CNAME prod-san-0-dd.sophosdelivery.edgekey.net., CNAME e13687.d.akamaiedge.net. (133)
    09:26:00.512490 IP xxx.xxx.xxx.23.38529 > xxx.xxx.xxx.235.53: 57971+ [1au] AAAA? e13687.d.akamaiedge.net. (52)
    09:26:00.513819 IP xxx.xxx.xxx.235.53 > xxx.xxx.xxx.23.38529: 57971 0/0/1 (52)
    09:26:00.513888 IP 127.0.0.53.53 > 127.0.0.1.56842: 59097 2/0/1 CNAME prod-san-0-dd.sophosdelivery.edgekey.net., CNAME e13687.d.akamaiedge.net

    XG URL Lists:

    Local TLS exclusion list
        
    personalstuffhere, wifilogs.sophos.com
        
    Used to hold domains added from the TLS troubleshooting tools. Sites in this group are excluded from TLS decryption by the built-in SSL/TLS exclusion rule.
        
        
    Managed TLS exclusion list
        
    adobe.com, ecure.echosign.com, agni.lindenlab.com, atl.citrixonline.com, authentication.citrixonline.com, iad.citrixonline.com, citrixonlinecdn.com, las.citrixonline.com, live.citrixonline.com, ord.citrixonline.com, sjc.citrixonline.com, fra.citrixonline.com, ams.citrixonline.com, servers.citrixonline.com, play.google.com, tpncs.simplifymedia.net, tpnxmpp.simplifymedia.net, gotomeeting.com, icloud.com, apple.com, gsa.apple.com, gsas.apple.com, itunes.apple.com, ess.apple.com, gc.apple.com, appstore.com, courier.sandbox.push.apple.com, swscan.apple.com, itwin.com, livemeeting.com, logmein.com, secure.logmeinrescue.com, mozilla.org, packetix.net, pgiconnect.com, softether.com, telex.cc, vedivi.com, vudu.com, adobelogin.com, android.com, bitdefender.com, bitdefender.net, books.google.com, drive.google.com, cloudmosa.com, crsi.symantec.com, central.avsi.symantec.com, services-prod.symantec.com, shasta-mr-healthy.symantec.com, login.norton.com, nds.norton.com, stats.norton.com, zpi.nortonzone.com, central.nrsi.symantec.com, ent-shasta-mr-clean.symantec.com, ent-shasta-rrs.symantec.com, vip.symantec.com, tses.symantec.com, www.nortonzone.com, dochub.com, dropbox.com, dropcam.com, fedoraproject.org, informaticacloud.com, informaticaondemand.com, infra.lync.com, activation.sls.microsoft.com, messenger.live.com, lr.live.net, account.live.com, accounts.mesh.com, update.microsoft.com, storage.mesh.com, sls.microsoft.com, windowsupdate.microsoft.com, windowsupdate.com, phonefactor.com, logentries.com, mzstatic.com, onepagecrm.com, osdimg.com, pathviewcloud.com, periscope.tv, postlm.com, postls.com, two.postls.com, quip.com, rhn.redhat.com, rooms.hp.com, securewebportal.net, sharpcast.com, silentcircle.com, silentcircle.net, snapchat.com, table14.fr, urlcloud.paloaltonetworks.com, vagrantcloud.com, verisign.com, wdcdn.net, wiredrive.com, whatsapp.net, whispersystems.org, wildfire.paloaltonetworks.com, anywhere2.telus.com, api.twitter.com, auth.gfx.ms, auth2.triongames.com, 
autoupdate.opera.com, bitbucket.org, discordapp.com, login.kaseya.net, myquickcloud.com, notify.mql5.com, updates.metaquotes.net, novafusion.ea.com, owner-api.teslamotors.com, portal.aws.amazon.com, secure.hp-ww.com, softwareupdate.vmware.com, sp.cwfservice.net, sso.8x8.com, vm.8x8.com, www.origin.com, sophos.com, sophosxl.com, sophosxl.net, sophosupd.com, sophosupd.net, mojave.net, alert.hitmanpro.com, tf-edr-message-upload-eu-central-1-prod-bucket.s3.amazonaws.com, tf-edr-message-upload-eu-west-1-prod-bucket.s3.amazonaws.com, tf-edr-message-upload-us-east-2-prod-bucket.s3.amazonaws.com, tf-edr-message-upload-us-west-2-prod-bucket.s3.amazonaws.com, mp.microsoft.com, wdcp.microsoft.com, definitionupdates.microsoft.com, go.microsoft.com, smartscreen.microsoft.com, wns.windows.com, logmeinrescue-enterprise.com, duosecurity.com, agentsmith.akamai-access.com
        
    Domains known to be incompatible with TLS decryption. The content of this URL group is managed and may be changed by firmware updates. Sites in this group are excluded from TLS decryption by the built-in SSL/TLS exclusion rule.

  • I also see this. I have only two endpoints at this point and both of them get this error while connecting to one of the *.sophosupd.com servers. If I go to the machines and open Sophos Endpoint, it regularly reports that it is up to date and shows regular update/status messages that all look good.

    So I assume it's a transient error that sometimes occurs, but I was just about to post something about this myself. It's a little disturbing when an endpoint is apparently trying to update and can't. (Though, again, the endpoint itself doesn't report any issues and appears up to date, so...)

  • I want to push this once more.

    On our XG Firewall 18.0 MR5, in the SSL DPI logs, I can still see these TLS 1.3 issues.

    But only from our Ubuntu Servers with Intercept-X installed and connecting only to those Sophos Update servers:

    d1.sophosupd.com
    d2.sophosupd.com

    Found this for the following OS:

    Ubuntu 18.04.5 LTS
    Ubuntu 20.04.3 LTS
    Installed Versions:
    Sophos Linux AntiVirus 1.0.3.13
    Sophos Linux Base Component 1.1.7.7
    Sophos Linux Live Response 1.2.2.12
    Sophos Live Discover Plugin 1.1.2.20

    Any suggestions on how to fix it?

    Why are the Linux clients acting differently, using TLS 1.3 and failing, while Windows servers and clients use 1.2 and don't fail? It looks like the server is actually serving on TLS 1.3.

    The Domain is in the Sophos-managed Exclusion list: