The Sophos Enterprise Console (SEC) Remote Management System router logs (version 5.4.1 or above), or a message relay's router logs (found in c:\ProgramData\Sophos\Remote Management System\3\Router\Logs), may show two repeating errors from ACE_SSL:
SSL_shutdown:shutdown while in init
A large number of these errors can cause a high load on the Sophos Message Router service. They are triggered when a client that only supports TLS 1.0 tries to connect to SEC version 5.4.1 or above, which only supports TLS 1.2+. After the client sends the HELLO with TLS 1.0 listed, it is rejected, which results in the shutdown message.
This article describes the steps to track the IP addresses of the clients making this connection. In
Applies to the following Sophos products and versions: Enterprise Console 5.5.0, Enterprise Console 5.4.1, Enterprise Console 5.5.1
This will get you the list of client IPs (The Sources) that are using TLS 1.0 to connect to RMS. Each one will need to be investigated as they could be an old client, a network device, a port scanner, or other software.
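One way to pick these clients out of captured traffic, shown as an added example that is not part of the original article or Sophos's own procedure: it reads the version field of each TLS ClientHello and reports the source IPs that offer less than TLS 1.2. The function names and the sample addresses and packets are constructed for illustration, and the input is assumed to be (source IP, TCP payload) pairs already extracted from a capture.

```python
import struct

TLS_NAMES = {0x0300: "SSL 3.0", 0x0301: "TLS 1.0", 0x0302: "TLS 1.1", 0x0303: "TLS 1.2+"}

def client_hello_version(payload: bytes):
    """Return client_version from a TLS ClientHello at the start of a TCP
    payload, or None if the payload is not a ClientHello."""
    # Record header: type(1) version(2) length(2); handshake header: type(1) length(3)
    if len(payload) < 11 or payload[0] != 0x16 or payload[1] != 0x03:
        return None
    if payload[5] != 0x01:  # handshake type 1 = ClientHello
        return None
    # The record-layer version (bytes 1-2) is often 0x0301 even from TLS 1.2
    # clients, so read the handshake body's client_version (bytes 9-10) instead.
    return struct.unpack("!H", payload[9:11])[0]

def legacy_sources(segments, minimum=0x0303):
    """segments: iterable of (src_ip, tcp_payload). Returns {ip: version_name}
    for clients whose highest offered version is below `minimum`."""
    found = {}
    for src, payload in segments:
        ver = client_hello_version(payload)
        if ver is not None and ver < minimum:
            found[src] = TLS_NAMES.get(ver, hex(ver))
    return found

def _hello(record_ver, client_ver):
    """Build a minimal constructed ClientHello (no extensions) for the demo."""
    body = struct.pack("!H", client_ver) + bytes(32)      # version + random
    body += b"\x00" + b"\x00\x02\x00\x2f" + b"\x01\x00"   # session id, 1 suite, null compression
    hs = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16" + struct.pack("!HH", record_ver, len(hs)) + hs

# Constructed sample traffic (documentation addresses, not from the article).
SAMPLE = [
    ("192.0.2.10", _hello(0x0301, 0x0301)),     # TLS 1.0-only client
    ("192.0.2.20", _hello(0x0301, 0x0303)),     # TLS 1.2 client, 1.0 record layer
    ("192.0.2.30", b"GET / HTTP/1.1\r\n\r\n"),  # not TLS at all
]

if __name__ == "__main__":
    for ip, name in sorted(legacy_sources(SAMPLE).items()):
        print(ip, name)
```

Filtering on the record-layer version alone would also flag the second sample client, which is why the check reads the handshake's own version field.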