www.sophos.com - DPI Error: Server did not respond to client hello

I would not expect this on a Sophos machine:

2021-11-25 16:32:12SSL/TLS inspectionmessageid="19017" log_type="SSL" log_component="SSL" log_subtype="Error" severity="Information" user="me" src_ip="xxxxxxxx" dst_ip="" user_group="xxxxxx" src_country="R1" dst_country="DEU" src_port="55661" dst_port="443" app_name="" app_id="0" category="Software Updates" category_id="68" con_id="1391491648" rule_id="0" profile_id="1" rule_name="System exclusions" profile_name="Maximum compatibility" bitmask="" key_type="KEY_TYPE__UNKNOWN" key_param="Unknown" fingerprint="" resumed="0" cert_chain_served="TRUE" cipher_suite="TLS_AES_256_GCM_SHA384" sni="www.sophos.com" tls_version="TLS1.3" reason="Server did not respond to client hello" exception="" message=""

I've been watching this for a few days now.

Edited TAGs
[edited by: emmosophos at 6:01 PM (GMT -8) on 25 Nov 2021]
  • There are two different parts involved. 

    The exceptions and everything else is for the decryption part. But still the DPI is involved and checks the traffic. Therefore you still see this kind of traffic.

    Server did not respond to client hello can be a basic network issue in this particular stream, but the client can actually recover and re transmit the request. 

    So the main question: Do you have any kind of "problems" within your deployment? 


  • So the main question: Do you have any kind of "problems" within your deployment? 

    Thanks, no we're not having problems loading the sophos.com site.

    If I was the owner of this website and product I'd be sure that these errors would not appear in my product.

  • I see those errors from my APX120 attempting to connect to CM, it then tries a different server and connects correctly.


    V18.5.x - e3-1225v5 6gb ram with 4 ports - 20w. 
    If a post solves your question use the 'This helped me' link.