Seeing lots of TLS Handshake errors on Server 2012r2 clients

Like the title says, I am seeing a huge volume of SCHANNEL error events on my Server 2012r2 servers that all relate to requests to 4.sophosxl.net.

From what I can tell, that URL is supporting a narrow string of cipher suites for TLS 1.2 that were only introduced to Windows Server in Server 2016. Is anyone else seeing these events on clients with Sophos Endpoint Agent installed and running older (but still supported) versions of Windows Server?

- Yes, we have had KB3172614 installed for some time on this server, so installation predates this issue.

- I do not believe the first link you sent is applicable for Server 2012r2; regardless, we control TLS protocols via GPO-configured registry settings, as is standard. I can verify with Wireshark that the servers make successful TLS 1.2 handshakes all day with other clients; it is just the 4.sophosxl.net URL that they are having issues with. Apparently this was an issue in the past with Sophos releases when SSLv3 support was removed; many admins chose to just black hole 4.sophosxl.net via a host file entry pointing to 127.0.0.1. I would rather not do this, as it would more than likely remove the errors we see at the expense of fundamentally breaking reputation lookup (which appears to be the case anyways for clients that do not support the ciphers that 4.sophosxl.net supports).
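
Added example, not part of the original thread: one way to confirm a cipher suite mismatch from a packet capture is to pull the offered suites out of the ClientHello and intersect them with what the endpoint accepts. The two suite lists, the helper names and the sample ClientHello are constructed assumptions for illustration, not the real Schannel offer or the configuration of 4.sophosxl.net.

```python
import struct

# Subset of IANA cipher suite IDs, enough for this illustration.
SUITE_NAMES = {
    0xC02F: "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    0xC030: "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
    0xC028: "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384",
    0x009F: "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384",
    0x003D: "TLS_RSA_WITH_AES_256_CBC_SHA256",
}
# Constructed lists (assumptions, not the real client or endpoint configuration).
CLIENT_OFFER = [0xC028, 0x009F, 0x003D]
SERVER_ACCEPTS = {0xC02F, 0xC030}

def offered_suites(record):
    """Return the cipher suite IDs listed in a raw TLS ClientHello record."""
    if len(record) < 5:
        raise ValueError("truncated TLS record header")
    ctype, _version, rec_len = struct.unpack_from("!BHH", record, 0)
    body = record[5:5 + rec_len]
    if ctype != 22 or len(body) != rec_len:
        raise ValueError("not a complete TLS handshake record")
    if len(body) < 39 or body[0] != 1:
        raise ValueError("handshake message is not a ClientHello")
    pos = 38                      # 4 handshake header + 2 version + 32 random
    pos += 1 + body[pos]          # skip the session_id vector
    if pos + 2 > len(body):
        raise ValueError("truncated before cipher_suites")
    (cs_len,) = struct.unpack_from("!H", body, pos)
    pos += 2
    if cs_len % 2 or pos + cs_len > len(body):
        raise ValueError("malformed cipher_suites vector")
    return [struct.unpack_from("!H", body, i)[0] for i in range(pos, pos + cs_len, 2)]

def common_suites(record, server_accepts):
    """Names of offered suites the server would accept, in client preference order."""
    return [SUITE_NAMES.get(s, hex(s)) for s in offered_suites(record) if s in server_accepts]

def build_sample_hello(suites):
    """Build a minimal, constructed ClientHello record (no extensions) for the demo."""
    cs = b"".join(struct.pack("!H", s) for s in suites)
    hello = b"\x03\x03" + bytes(32) + b"\x00" + struct.pack("!H", len(cs)) + cs + b"\x01\x00"
    handshake = b"\x01" + len(hello).to_bytes(3, "big") + hello
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake

if __name__ == "__main__":
    shared = common_suites(build_sample_hello(CLIENT_OFFER), SERVER_ACCEPTS)
    print("shared suites:", shared or "none (handshake would fail)")
```

To use it on real traffic, pass the raw bytes of the ClientHello record exported from the capture and replace `SERVER_ACCEPTS` with the suites the endpoint is observed to accept.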