Issues connecting to *.sophosupd.com "Server did not respond to client hello"

Our Intercept X clients sometimes cannot connect to the Sophos servers at sophosupd.com. The XG Firewall shows that the server is not responding: "Server did not respond to client hello".

Servers:
d1.sophosupd.com
d2.sophosupd.com
dci.sophosupd.com

This is only happening where the Sophos server is using TLS1.3; when the servers use TLS1.2, it works.

Any hot tip on this?

Where it works: TLS1.2

SSL/TLS inspection
2021-07-03 09:23:39
messageid="19004" log_type="SSL" log_component="SSL" log_subtype="Do not decrypt" severity="Information" user="" src_ip="xxxxxxx00" dst_ip="184.30.25.172" user_group="" src_country="R1" dst_country="DEU" src_port="49955" dst_port="443" app_name="" app_id="0" category="Software Updates" category_id="68" con_id="1409813312" rule_id="0" profile_id="1" rule_name="System exclusions" profile_name="Maximum compatibility" bitmask="Valid" key_type="KEY_TYPE__RSA" key_param="RSA 2048 bits" fingerprint="57:53:a4:dd:20:2f:fc:86:55:b9:20:37:45:39:d3:83:41:5f:a0:58" resumed="0" cert_chain_served="TRUE" cipher_suite="TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384" sni="d1.sophosupd.com" tls_version="TLS1.2" reason="" exception="" message=""
SSL/TLS inspection
2021-07-03 09:22:45
messageid="19004" log_type="SSL" log_component="SSL" log_subtype="Do not decrypt" severity="Information" user="" src_ip="xxxxxx28" dst_ip="184.30.25.172" user_group="" src_country="R1" dst_country="DEU" src_port="50277" dst_port="443" app_name="" app_id="0" category="Software Updates" category_id="68" con_id="1399071040" rule_id="0" profile_id="1" rule_name="System exclusions" profile_name="Maximum compatibility" bitmask="Valid" key_type="KEY_TYPE__RSA" key_param="RSA 2048 bits" fingerprint="57:53:a4:dd:20:2f:fc:86:55:b9:20:37:45:39:d3:83:41:5f:a0:58" resumed="0" cert_chain_served="TRUE" cipher_suite="TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384" sni="d1.sophosupd.com" tls_version="TLS1.2" reason="" exception="" message=""

Where it does not work: TLS1.3

SSL/TLS inspection
2021-07-03 09:26:00
messageid="19017" log_type="SSL" log_component="SSL" log_subtype="Error" severity="Information" user="" src_ip="xxxxxx23" dst_ip="184.30.25.172" user_group="" src_country="R1" dst_country="DEU" src_port="51224" dst_port="443" app_name="" app_id="0" category="Software Updates" category_id="68" con_id="1400079296" rule_id="0" profile_id="1" rule_name="System exclusions" profile_name="Maximum compatibility" bitmask="" key_type="KEY_TYPE__UNKNOWN" key_param="Unknown" fingerprint="" resumed="0" cert_chain_served="TRUE" cipher_suite="TLS_AES_256_GCM_SHA384" sni="d1.sophosupd.com" tls_version="TLS1.3" reason="Server did not respond to client hello" exception="" message=""
SSL/TLS inspection
2021-07-03 09:24:56
messageid="19017" log_type="SSL" log_component="SSL" log_subtype="Error" severity="Information" user="" src_ip="xxxxx23" dst_ip="184.30.25.172" user_group="" src_country="R1" dst_country="DEU" src_port="51216" dst_port="443" app_name="" app_id="0" category="Software Updates" category_id="68" con_id="2623893888" rule_id="0" profile_id="1" rule_name="System exclusions" profile_name="Maximum compatibility" bitmask="" key_type="KEY_TYPE__UNKNOWN" key_param="Unknown" fingerprint="" resumed="0" cert_chain_served="TRUE" cipher_suite="TLS_AES_256_GCM_SHA384" sni="d1.sophosupd.com" tls_version="TLS1.3" reason="Server did not respond to client hello" exception="" message=""

Time	Log subtype	Dst IP	Server name	Cipher suite	Reason
03.07.2021 09:26	Error	184.30.25.172	d1.sophosupd.com	TLS_AES_256_GCM_SHA384	Server did not respond to client hello 
03.07.2021 09:24	Error	184.30.25.172	d1.sophosupd.com	TLS_AES_256_GCM_SHA384	Server did not respond to client hello 
03.07.2021 09:20	Error	184.30.25.172	d1.sophosupd.com	TLS_AES_256_GCM_SHA384	Server did not respond to client hello 
03.07.2021 09:18	Error	2.18.161.158	d1.sophosupd.com	TLS_AES_256_GCM_SHA384	Server did not respond to client hello 
03.07.2021 09:17	Error	2.18.161.158	d1.sophosupd.com	TLS_AES_256_GCM_SHA384	Server did not respond to client hello 
03.07.2021 09:16	Error	2.18.161.158	d1.sophosupd.com	TLS_AES_256_GCM_SHA384	Server did not respond to client hello 
03.07.2021 09:16	Error	2.18.161.158	d1.sophosupd.com	TLS_AES_256_GCM_SHA384	Server did not respond to client hello 
03.07.2021 09:13	Error	2.18.161.158	d1.sophosupd.com	TLS_AES_256_GCM_SHA384	Server did not respond to client hello 
03.07.2021 09:11	Error	184.30.25.172	d1.sophosupd.com	TLS_AES_256_GCM_SHA384	Server did not respond to client hello 
03.07.2021 09:10	Error	2.18.161.158	d1.sophosupd.com	TLS_AES_256_GCM_SHA384	Server did not respond to client hello 
03.07.2021 09:10	Error	2.18.161.158	d1.sophosupd.com	TLS_AES_256_GCM_SHA384	Server did not respond to client hello 
03.07.2021 09:10	Error	2.18.161.158	d1.sophosupd.com	TLS_AES_256_GCM_SHA384	Server did not respond to client hello 
03.07.2021 09:10	Error	2.18.161.158	d1.sophosupd.com	TLS_AES_256_GCM_SHA384	Server did not respond to client hello 
03.07.2021 09:10	Error	2.18.161.158	d1.sophosupd.com	TLS_AES_256_GCM_SHA384	Server did not respond to client hello 
03.07.2021 09:10	Error	184.30.25.172	d1.sophosupd.com	TLS_AES_256_GCM_SHA384	Server did not respond to client hello 
03.07.2021 09:03	Error	184.30.25.172	d1.sophosupd.com	TLS_AES_256_GCM_SHA384	Server did not respond to client hello 
03.07.2021 09:01	Error	184.30.25.172	d1.sophosupd.com	TLS_AES_256_GCM_SHA384	Server did not respond to client hello 
03.07.2021 08:45	Error	2.18.161.158	d1.sophosupd.com	TLS_AES_256_GCM_SHA384	Server did not respond to client hello 
03.07.2021 08:28	Error	184.30.25.172	d1.sophosupd.com	TLS_AES_256_GCM_SHA384	Server did not respond to client hello 
03.07.2021 08:26	Error	2.18.161.158	d1.sophosupd.com	TLS_AES_256_GCM_SHA384	Server did not respond to client hello 
03.07.2021 08:25	Error	2.18.161.158	d1.sophosupd.com	TLS_AES_256_GCM_SHA384	Server did not respond to client hello 
03.07.2021 08:20	Error	2.18.161.158	d1.sophosupd.com	TLS_AES_256_GCM_SHA384	Server did not respond to client hello 
03.07.2021 08:18	Error	2.18.161.158	d1.sophosupd.com	TLS_AES_256_GCM_SHA384	Server did not respond to client hello 
03.07.2021 08:15	Error	2.18.161.158	d1.sophosupd.com	TLS_AES_256_GCM_SHA384	Server did not respond to client hello 
03.07.2021 08:10	Error	2.18.161.158	d1.sophosupd.com	TLS_AES_256_GCM_SHA384	Server did not respond to client hello 
03.07.2021 07:45	Error	2.18.161.158	d1.sophosupd.com	TLS_AES_256_GCM_SHA384	Server did not respond to client hello 
03.07.2021 07:28	Error	2.18.161.158	d1.sophosupd.com	TLS_AES_256_GCM_SHA384	Server did not respond to client hello 
03.07.2021 07:26	Error	2.18.161.158	d1.sophosupd.com	TLS_AES_256_GCM_SHA384	Server did not respond to client hello 
03.07.2021 07:25	Error	2.18.161.158	d1.sophosupd.com	TLS_AES_256_GCM_SHA384	Server did not respond to client hello 
03.07.2021 07:20	Error	184.30.25.172	d1.sophosupd.com	TLS_AES_256_GCM_SHA384	Server did not respond to client hello 
03.07.2021 07:18	Error	184.30.25.172	d1.sophosupd.com	TLS_AES_256_GCM_SHA384	Server did not respond to client hello 
03.07.2021 07:15	Error	184.30.25.172	d1.sophosupd.com	TLS_AES_256_GCM_SHA384	Server did not respond to client hello 
03.07.2021 07:10	Error	184.30.25.172	d1.sophosupd.com	TLS_AES_256_GCM_SHA384	Server did not respond to client hello 
03.07.2021 06:45	Error	2.18.161.158	d1.sophosupd.com	TLS_AES_256_GCM_SHA384	Server did not respond to client hello 
03.07.2021 09:18	Error	2.18.161.158	d2.sophosupd.com	TLS_AES_256_GCM_SHA384	Server did not respond to client hello 
03.07.2021 09:17	Error	2.18.161.158	d2.sophosupd.com	TLS_AES_256_GCM_SHA384	Server did not respond to client hello 
03.07.2021 09:16	Error	2.18.161.158	d2.sophosupd.com	TLS_AES_256_GCM_SHA384	Server did not respond to client hello 
03.07.2021 09:16	Error	2.18.161.158	d2.sophosupd.com	TLS_AES_256_GCM_SHA384	Server did not respond to client hello 
03.07.2021 09:13	Error	2.18.161.158	d2.sophosupd.com	TLS_AES_256_GCM_SHA384	Server did not respond to client hello 
03.07.2021 09:11	Error	184.30.25.172	d2.sophosupd.com	TLS_AES_256_GCM_SHA384	Server did not respond to client hello 
03.07.2021 09:10	Error	2.18.161.158	d2.sophosupd.com	TLS_AES_256_GCM_SHA384	Server did not respond to client hello 
03.07.2021 09:10	Error	2.18.161.158	d2.sophosupd.com	TLS_AES_256_GCM_SHA384	Server did not respond to client hello 
03.07.2021 09:10	Error	2.18.161.158	d2.sophosupd.com	TLS_AES_256_GCM_SHA384	Server did not respond to client hello 
03.07.2021 09:10	Error	2.18.161.158	d2.sophosupd.com	TLS_AES_256_GCM_SHA384	Server did not respond to client hello 
03.07.2021 09:10	Error	2.18.161.158	d2.sophosupd.com	TLS_AES_256_GCM_SHA384	Server did not respond to client hello 
03.07.2021 09:10	Error	184.30.25.172	d2.sophosupd.com	TLS_AES_256_GCM_SHA384	Server did not respond to client hello 
03.07.2021 09:03	Error	184.30.25.172	d2.sophosupd.com	TLS_AES_256_GCM_SHA384	Server did not respond to client hello 
03.07.2021 09:01	Error	184.30.25.172	d2.sophosupd.com	TLS_AES_256_GCM_SHA384	Server did not respond to client hello 
03.07.2021 08:45	Error	2.18.161.158	d2.sophosupd.com	TLS_AES_256_GCM_SHA384	Server did not respond to client hello 
03.07.2021 08:28	Error	184.30.25.172	d2.sophosupd.com	TLS_AES_256_GCM_SHA384	Server did not respond to client hello 
03.07.2021 08:26	Error	2.18.161.158	d2.sophosupd.com	TLS_AES_256_GCM_SHA384	Server did not respond to client hello 
03.07.2021 08:25	Error	2.18.161.158	d2.sophosupd.com	TLS_AES_256_GCM_SHA384	Server did not respond to client hello 
03.07.2021 08:20	Error	2.18.161.158	d2.sophosupd.com	TLS_AES_256_GCM_SHA384	Server did not respond to client hello 
03.07.2021 08:18	Error	2.18.161.158	d2.sophosupd.com	TLS_AES_256_GCM_SHA384	Server did not respond to client hello 
03.07.2021 08:15	Error	2.18.161.158	d2.sophosupd.com	TLS_AES_256_GCM_SHA384	Server did not respond to client hello 
03.07.2021 08:10	Error	2.18.161.158	d2.sophosupd.com	TLS_AES_256_GCM_SHA384	Server did not respond to client hello 
03.07.2021 07:45	Error	2.18.161.158	d2.sophosupd.com	TLS_AES_256_GCM_SHA384	Server did not respond to client hello 
03.07.2021 07:28	Error	2.18.161.158	d2.sophosupd.com	TLS_AES_256_GCM_SHA384	Server did not respond to client hello 
03.07.2021 07:26	Error	2.18.161.158	d2.sophosupd.com	TLS_AES_256_GCM_SHA384	Server did not respond to client hello 
03.07.2021 07:25	Error	2.18.161.158	d2.sophosupd.com	TLS_AES_256_GCM_SHA384	Server did not respond to client hello 
03.07.2021 07:20	Error	184.30.25.172	d2.sophosupd.com	TLS_AES_256_GCM_SHA384	Server did not respond to client hello 
03.07.2021 07:18	Error	184.30.25.172	d2.sophosupd.com	TLS_AES_256_GCM_SHA384	Server did not respond to client hello 
03.07.2021 07:15	Error	184.30.25.172	d2.sophosupd.com	TLS_AES_256_GCM_SHA384	Server did not respond to client hello 
03.07.2021 07:10	Error	184.30.25.172	d2.sophosupd.com	TLS_AES_256_GCM_SHA384	Server did not respond to client hello 
03.07.2021 06:45	Error	2.18.161.158	d2.sophosupd.com	TLS_AES_256_GCM_SHA384	Server did not respond to client hello 
03.07.2021 06:28	Error	2.18.161.158	d2.sophosupd.com	TLS_AES_256_GCM_SHA384	Server did not respond to client hello 
03.07.2021 09:26	Error	184.30.25.172	dci.sophosupd.com	TLS_AES_256_GCM_SHA384	Server did not respond to client hello 
03.07.2021 09:24	Error	184.30.25.172	dci.sophosupd.com	TLS_AES_256_GCM_SHA384	Server did not respond to client hello 
03.07.2021 09:20	Error	184.30.25.172	dci.sophosupd.com	TLS_AES_256_GCM_SHA384	Server did not respond to client hello 
03.07.2021 09:18	Error	2.18.161.158	dci.sophosupd.com	TLS_AES_256_GCM_SHA384	Server did not respond to client hello 
03.07.2021 09:17	Error	2.18.161.158	dci.sophosupd.com	TLS_AES_256_GCM_SHA384	Server did not respond to client hello 
03.07.2021 09:16	Error	2.18.161.158	dci.sophosupd.com	TLS_AES_256_GCM_SHA384	Server did not respond to client hello 
03.07.2021 09:16	Error	2.18.161.158	dci.sophosupd.com	TLS_AES_256_GCM_SHA384	Server did not respond to client hello 
03.07.2021 09:13	Error	184.30.25.172	dci.sophosupd.com	TLS_AES_256_GCM_SHA384	Server did not respond to client hello 
03.07.2021 09:11	Error	184.30.25.172	dci.sophosupd.com	TLS_AES_256_GCM_SHA384	Server did not respond to client hello 
03.07.2021 09:10	Error	2.18.161.158	dci.sophosupd.com	TLS_AES_256_GCM_SHA384	Server did not respond to client hello 
03.07.2021 09:10	Error	2.18.161.158	dci.sophosupd.com	TLS_AES_256_GCM_SHA384	Server did not respond to client hello 
03.07.2021 09:10	Error	2.18.161.158	dci.sophosupd.com	TLS_AES_256_GCM_SHA384	Server did not respond to client hello 
03.07.2021 09:10	Error	2.18.161.158	dci.sophosupd.com	TLS_AES_256_GCM_SHA384	Server did not respond to client hello 
03.07.2021 09:10	Error	2.18.161.158	dci.sophosupd.com	TLS_AES_256_GCM_SHA384	Server did not respond to client hello 
03.07.2021 09:10	Error	184.30.25.172	dci.sophosupd.com	TLS_AES_256_GCM_SHA384	Server did not respond to client hello 
03.07.2021 09:03	Error	184.30.25.172	dci.sophosupd.com	TLS_AES_256_GCM_SHA384	Server did not respond to client hello 
03.07.2021 09:01	Error	184.30.25.172	dci.sophosupd.com	TLS_AES_256_GCM_SHA384	Server did not respond to client hello 
03.07.2021 08:45	Error	2.18.161.158	dci.sophosupd.com	TLS_AES_256_GCM_SHA384	Server did not respond to client hello 
03.07.2021 08:28	Error	184.30.25.172	dci.sophosupd.com	TLS_AES_256_GCM_SHA384	Server did not respond to client hello 
03.07.2021 08:26	Error	2.18.161.158	dci.sophosupd.com	TLS_AES_256_GCM_SHA384	Server did not respond to client hello 
03.07.2021 08:25	Error	2.18.161.158	dci.sophosupd.com	TLS_AES_256_GCM_SHA384	Server did not respond to client hello 
03.07.2021 08:20	Error	2.18.161.158	dci.sophosupd.com	TLS_AES_256_GCM_SHA384	Server did not respond to client hello 
03.07.2021 08:18	Error	2.18.161.158	dci.sophosupd.com	TLS_AES_256_GCM_SHA384	Server did not respond to client hello 
03.07.2021 08:15	Error	2.18.161.158	dci.sophosupd.com	TLS_AES_256_GCM_SHA384	Server did not respond to client hello 
03.07.2021 08:10	Error	2.18.161.158	dci.sophosupd.com	TLS_AES_256_GCM_SHA384	Server did not respond to client hello 
03.07.2021 07:45	Error	2.18.161.158	dci.sophosupd.com	TLS_AES_256_GCM_SHA384	Server did not respond to client hello 
03.07.2021 07:28	Error	2.18.161.158	dci.sophosupd.com	TLS_AES_256_GCM_SHA384	Server did not respond to client hello 
03.07.2021 07:26	Error	2.18.161.158	dci.sophosupd.com	TLS_AES_256_GCM_SHA384	Server did not respond to client hello 
03.07.2021 07:25	Error	2.18.161.158	dci.sophosupd.com	TLS_AES_256_GCM_SHA384	Server did not respond to client hello 
03.07.2021 07:20	Error	184.30.25.172	dci.sophosupd.com	TLS_AES_256_GCM_SHA384	Server did not respond to client hello 
03.07.2021 07:18	Error	184.30.25.172	dci.sophosupd.com	TLS_AES_256_GCM_SHA384	Server did not respond to client hello 
03.07.2021 07:15	Error	184.30.25.172	dci.sophosupd.com	TLS_AES_256_GCM_SHA384	Server did not respond to client hello 
03.07.2021 07:10	Error	184.30.25.172	dci.sophosupd.com	TLS_AES_256_GCM_SHA384	Server did not respond to client hello 
03.07.2021 06:45	Error	2.18.161.158	dci.sophosupd.com	TLS_AES_256_GCM_SHA384	Server did not respond to client hello 
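
The correlation reported in the post above (the failing handshakes are the TLS1.3 ones, logged under the same exclusion rule as the working TLS1.2 ones) can be checked over an exported log with a short script. This is an added example, not part of the original post and not Sophos tooling; the log lines are constructed in the key="value" layout quoted above with placeholder source addresses, and treating every subtype other than "Error" as a completed handshake is an assumption.

```python
import re
from collections import Counter

# Constructed sample in the layout of the SSL/TLS inspection entries quoted in
# the post. Field names and destination addresses come from the post; the
# source addresses are documentation-range placeholders.
SAMPLE_LOG = '''\
SSL/TLS inspection
2021-07-03 09:23:39
messageid="19004" log_subtype="Do not decrypt" src_ip="192.0.2.10" dst_ip="184.30.25.172" rule_name="System exclusions" sni="d1.sophosupd.com" tls_version="TLS1.2" reason=""
messageid="19004" log_subtype="Do not decrypt" src_ip="192.0.2.11" dst_ip="184.30.25.172" rule_name="System exclusions" sni="d1.sophosupd.com" tls_version="TLS1.2" reason=""
messageid="19017" log_subtype="Error" src_ip="192.0.2.12" dst_ip="184.30.25.172" rule_name="System exclusions" sni="d1.sophosupd.com" tls_version="TLS1.3" reason="Server did not respond to client hello"
messageid="19017" log_subtype="Error" src_ip="192.0.2.12" dst_ip="2.18.161.158" rule_name="System exclusions" sni="d2.sophosupd.com" tls_version="TLS1.3" reason="Server did not respond to client hello"
messageid="19017" log_subtype="Error" src_ip="192.0.2.12" dst_ip="2.18.161.158" rule_name="System exclusions" sni="dci.sophosupd.com" tls_version="TLS1.3" reason="Server did not respond to client hello"
'''

FIELD = re.compile(r'(\w+)="([^"]*)"')


def parse_line(line):
    """Return the key="value" pairs of one log line; {} for headers/timestamps."""
    return dict(FIELD.findall(line))


def summarize(log_text, domain="sophosupd.com"):
    """Group handshake outcomes for hosts under `domain` by negotiated TLS version."""
    summary = {}
    for line in log_text.splitlines():
        rec = parse_line(line)
        sni = rec.get("sni", "")
        version = rec.get("tls_version")
        # Skip non-record lines and traffic to other domains.
        if not version or not (sni == domain or sni.endswith("." + domain)):
            continue
        entry = summary.setdefault(version, {
            "ok": 0, "error": 0,
            "reasons": Counter(), "dst_ips": set(), "rules": set(),
        })
        entry["rules"].add(rec.get("rule_name", ""))
        if rec.get("log_subtype") == "Error":
            entry["error"] += 1
            entry["reasons"][rec.get("reason", "")] += 1
            entry["dst_ips"].add(rec.get("dst_ip", ""))
        else:
            # Assumption: any other subtype (e.g. "Do not decrypt") means the
            # handshake went through.
            entry["ok"] += 1
    return summary


def versions_always_failing(summary):
    """TLS versions for which errors were logged and no handshake succeeded."""
    return sorted(v for v, e in summary.items() if e["error"] and not e["ok"])


if __name__ == "__main__":
    result = summarize(SAMPLE_LOG)
    for version in sorted(result):
        e = result[version]
        print(version, "ok:", e["ok"], "error:", e["error"],
              "rules:", sorted(e["rules"]), "failed dst:", sorted(e["dst_ips"]))
    print("always failing:", versions_always_failing(result))
```

If a version appears in `versions_always_failing` while another version succeeds under the same rule name and destination address, the exclusion rule itself is matching and the difference lies in how the handshake for that version is handled.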



  • This has been noticed while trying to install Intercept-X Client for Linux on Ubuntu 20.04.2 which is failing due to this.

    This is what's behind d1.sophosupd.com in the case the issue is happening: e13687.d.akamaiedge.net

    09:26:00.506163 IP 127.0.0.1.56842 > 127.0.0.53.53: 50388+ [1au] A? d1.sophosupd.com. (45)
    09:26:00.506327 IP xxx.xxx.xxx.23.58774 > xxx.xxx.xxx.235.53: 29976+ [1au] A? d1.sophosupd.com. (45)
    09:26:00.506541 IP 127.0.0.1.56842 > 127.0.0.53.53: 59097+ [1au] AAAA? d1.sophosupd.com. (45)
    09:26:00.506654 IP xxx.xxx.xxx.23.51052 > xxx.xxx.xxx.235.53: 52315+ [1au] AAAA? d1.sophosupd.com. (45)
    09:26:00.511974 IP xxx.xxx.xxx.235.53 > xxx.xxx.xxx.23.58774: 29976 3/0/1 CNAME prod-san-0-dd.sophosdelivery.edgekey.net., CNAME e13687.d.akamaiedge.net., A 184.30.25.172 (149)
    09:26:00.512180 IP 127.0.0.53.53 > 127.0.0.1.56842: 50388 3/0/1 CNAME prod-san-0-dd.sophosdelivery.edgekey.net., CNAME e13687.d.akamaiedge.net., A 184.30.25.172 (149)
    09:26:00.512276 IP xxx.xxx.xxx.235.53 > xxx.xxx.xxx.23.51052: 52315 2/0/1 CNAME prod-san-0-dd.sophosdelivery.edgekey.net., CNAME e13687.d.akamaiedge.net. (133)
    09:26:00.512490 IP xxx.xxx.xxx.23.38529 > xxx.xxx.xxx.235.53: 57971+ [1au] AAAA? e13687.d.akamaiedge.net. (52)
    09:26:00.513819 IP xxx.xxx.xxx.235.53 > xxx.xxx.xxx.23.38529: 57971 0/0/1 (52)
    09:26:00.513888 IP 127.0.0.53.53 > 127.0.0.1.56842: 59097 2/0/1 CNAME prod-san-0-dd.sophosdelivery.edgekey.net., CNAME e13687.d.akamaiedge.net

    XG URL Lists:

    Local TLS exclusion list
        
    personalstuffhere, wifilogs.sophos.com
        
    Used to hold domains added from the TLS troubleshooting tools. Sites in this group are excluded from TLS decryption by the built-in SSL/TLS exclusion rule.
        
        
    Managed TLS exclusion list
        
    adobe.com, ecure.echosign.com, agni.lindenlab.com, atl.citrixonline.com, authentication.citrixonline.com, iad.citrixonline.com, citrixonlinecdn.com, las.citrixonline.com, live.citrixonline.com, ord.citrixonline.com, sjc.citrixonline.com, fra.citrixonline.com, ams.citrixonline.com, servers.citrixonline.com, play.google.com, tpncs.simplifymedia.net, tpnxmpp.simplifymedia.net, gotomeeting.com, icloud.com, apple.com, gsa.apple.com, gsas.apple.com, itunes.apple.com, ess.apple.com, gc.apple.com, appstore.com, courier.sandbox.push.apple.com, swscan.apple.com, itwin.com, livemeeting.com, logmein.com, secure.logmeinrescue.com, mozilla.org, packetix.net, pgiconnect.com, softether.com, telex.cc, vedivi.com, vudu.com, adobelogin.com, android.com, bitdefender.com, bitdefender.net, books.google.com, drive.google.com, cloudmosa.com, crsi.symantec.com, central.avsi.symantec.com, services-prod.symantec.com, shasta-mr-healthy.symantec.com, login.norton.com, nds.norton.com, stats.norton.com, zpi.nortonzone.com, central.nrsi.symantec.com, ent-shasta-mr-clean.symantec.com, ent-shasta-rrs.symantec.com, vip.symantec.com, tses.symantec.com, www.nortonzone.com, dochub.com, dropbox.com, dropcam.com, fedoraproject.org, informaticacloud.com, informaticaondemand.com, infra.lync.com, activation.sls.microsoft.com, messenger.live.com, lr.live.net, account.live.com, accounts.mesh.com, update.microsoft.com, storage.mesh.com, sls.microsoft.com, windowsupdate.microsoft.com, windowsupdate.com, phonefactor.com, logentries.com, mzstatic.com, onepagecrm.com, osdimg.com, pathviewcloud.com, periscope.tv, postlm.com, postls.com, two.postls.com, quip.com, rhn.redhat.com, rooms.hp.com, securewebportal.net, sharpcast.com, silentcircle.com, silentcircle.net, snapchat.com, table14.fr, urlcloud.paloaltonetworks.com, vagrantcloud.com, verisign.com, wdcdn.net, wiredrive.com, whatsapp.net, whispersystems.org, wildfire.paloaltonetworks.com, anywhere2.telus.com, api.twitter.com, auth.gfx.ms, auth2.triongames.com, 
autoupdate.opera.com, bitbucket.org, discordapp.com, login.kaseya.net, myquickcloud.com, notify.mql5.com, updates.metaquotes.net, novafusion.ea.com, owner-api.teslamotors.com, portal.aws.amazon.com, secure.hp-ww.com, softwareupdate.vmware.com, sp.cwfservice.net, sso.8x8.com, vm.8x8.com, www.origin.com, sophos.com, sophosxl.com, sophosxl.net, sophosupd.com, sophosupd.net, mojave.net, alert.hitmanpro.com, tf-edr-message-upload-eu-central-1-prod-bucket.s3.amazonaws.com, tf-edr-message-upload-eu-west-1-prod-bucket.s3.amazonaws.com, tf-edr-message-upload-us-east-2-prod-bucket.s3.amazonaws.com, tf-edr-message-upload-us-west-2-prod-bucket.s3.amazonaws.com, mp.microsoft.com, wdcp.microsoft.com, definitionupdates.microsoft.com, go.microsoft.com, smartscreen.microsoft.com, wns.windows.com, logmeinrescue-enterprise.com, duosecurity.com, agentsmith.akamai-access.com
        
    Domains known to be incompatible with TLS decryption. The content of this URL group is managed and may be changed by firmware updates. Sites in this group are excluded from TLS decryption by the built-in SSL/TLS exclusion rule.
