This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

SCHANNEL errors with the new 10.6.3 version

After the upgrade we started getting the error "A fatal error occurred while creating an SSL client credential. The internal error state is 10013" on all of our systems.  It does it 2 times, every 30 seconds.  We have SHA1 and SSL disabled on our workstations in order to be PCI compliant.  Version 10.3.15 didn't exhibit this behavior.  Do you know of a way we can stop the errors? 

 Event ID 36871 A fatal error occurred while creating an SSL client credential. The internal error state is 10013.

- Joe



This thread was automatically locked due to age.
Parents
  •  

    This is a known issue and we are currently working on a fix. I will update this thread once I know more.

    Thank you,

    Bob

  • No updates on this issue, right? We also have SSLv3 disabled to be PCI compliant and have some complaints about the event logs getting flooded with these errors.

  • As a quick test you could "host file" the 4.sophosxl.net domain just to point to 12.0.0.1.  I guess this would stop the noise?

  • jak said:

    As a quick test you could "host file" the 4.sophosxl.net domain just to point to 12.0.0.1.  I guess this would stop the noise?

    Tell me you mean 127.0.0.1 and not Thailand :)    I'll try it now.   But since it isn't going to be successful connecting to 127.0.0.1 I don't know if it will stop the noise.
    - Joe
  • I'm kind of the middle-man here, but my co-worker said he thinks it stopped the event from logging (and yep I knew you meant 127.0.0.1). I hopped on a server of mine and I don't have event ID 36871, but I do have a bunch of 36874 and 36888, which give a similar description but for TLS1.0. However, these entries stopped the night of 8/12 for my server, so I need a better test system. I'll verify with my co-worker whenever he gets here and checks the event logs.

    I checked a couple other servers of mine and see lots of 36887 events still happening, which just says "A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 40." The 36874 events seem to have ceased on 8/12 at around 9:00PM on multiple servers.

    Will update this again once I get more info. Thanks! 

  • Setting 4.sophosxl.net to 127.0.0.1 in the host file got rid of almost all the errors.  And the malware/spyware/Trojan blocking of sites still works.   It looks like it is only used for reputation lookups.

    - Joe

Reply Children
No Data