This discussion has been locked.

SCHANNEL errors with the new 10.6.3 version

After the upgrade we started getting the error "A fatal error occurred while creating an SSL client credential. The internal error state is 10013" on all of our systems.  It does it 2 times, every 30 seconds.  We have SHA1 and SSL disabled on our workstations in order to be PCI compliant.  Version 10.3.15 didn't exhibit this behavior.  Do you know of a way we can stop the errors? 

 Event ID 36871 A fatal error occurred while creating an SSL client credential. The internal error state is 10013.

- Joe



  • The clients get an HTTP 400 error trying to get to that link.  But then so does my phone.  It says "400 protobuff message violation".  

    The cac.pem certificate files that Sophos uses are still using MD5.  I wonder if that could be part of the problem? 

    And my original message wasn't quite right.  We have RC4 and SSL2 and SSL3 disabled on our workstations.

    - Joe

  • So when I read https://www.sophos.com/en-us/support/knowledgebase/117936.aspx I can see this is using HTTPS for file reputation lookups.   Wireshark is showing our workstations getting a RST from 4.sophosxl.net when they try to connect.   I have malicious traffic detection, Block access to malicious web sites, and Live Protection all turned off, but I still get the errors and the 4.sophosxl.net traffic.

    This registry key, which enables SSLV3 on my workstation, makes the SCHANNEL errors stop:

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Client]
    "Enabled"=dword:00000001

    Too bad that isn't a fix for us.   I've had case 5894880 open for a couple of days now, but no activity since it was opened.

    - Joe

  •  It's the Sophos System Protection Service using SSLV3 and causing the errors.  When I stop the service, the errors go away.   This makes sense.  https://www.sophos.com/en-us/support/knowledgebase/121619.aspx says it is using SXL4 over HTTPS.  It's a new feature, why did they write it to use SSLV3??

    - Joe
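
An added example, not part of the original posts and not Sophos tooling: a PowerShell check that lists the client-side SCHANNEL protocol settings under the registry path quoted above and counts recent Event ID 36871 entries, so the hardening can be confirmed as still in place while the errors are investigated. The function names are hypothetical; the `System` log and `Schannel` provider name are standard Windows values rather than details from the thread.

```powershell
# Added example (not from the thread). Function names are hypothetical.
# The registry path and Event ID 36871 are taken from the posts above.
$SchannelProtocols = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols'
$Legacy = 'SSL 2.0', 'SSL 3.0'   # protocols the poster's hardening disables

function Get-SchannelClientProtocol {
    # One row per protocol subkey, showing the raw Client values.
    param([string]$Root = $SchannelProtocols)
    if (-not (Test-Path -Path $Root)) { return }
    foreach ($proto in Get-ChildItem -Path $Root) {
        $clientKey = Join-Path -Path $proto.PSPath -ChildPath 'Client'
        $p = if (Test-Path -Path $clientKey) { Get-ItemProperty -Path $clientKey } else { $null }
        $enabled = if ($p) { $p.Enabled } else { $null }
        [pscustomobject]@{
            Protocol          = $proto.PSChildName
            Enabled           = $enabled      # $null means the value is not set
            DisabledByDefault = if ($p) { $p.DisabledByDefault } else { $null }
            # Any non-zero Enabled value turns the protocol on for clients.
            PolicyViolation   = ($Legacy -contains $proto.PSChildName) -and
                                ($null -ne $enabled) -and ($enabled -ne 0)
        }
    }
}

function Get-SchannelCredentialError {
    # Event 36871 from the Schannel provider in the System log.
    param([int]$Hours = 1)
    $filter = @{
        LogName      = 'System'
        ProviderName = 'Schannel'
        Id           = 36871
        StartTime    = (Get-Date).AddHours(-$Hours)
    }
    # SilentlyContinue: Get-WinEvent reports an error when nothing matches.
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue
}

Get-SchannelClientProtocol | Format-Table -AutoSize

$events = @(Get-SchannelCredentialError -Hours 1)
'{0} event(s) with ID 36871 in the last hour' -f $events.Count

# Per-minute counts make a fixed retry cadence visible.
$events | Group-Object { $_.TimeCreated.ToString('yyyy-MM-dd HH:mm') } |
    Sort-Object Name | Format-Table Name, Count -AutoSize
```

A `PolicyViolation` of `True` on the SSL 3.0 row means the workaround key from the post above is present on that machine.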