This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

www.sophos.com - DPI Error: Server did not respond to client hello

I would not expect this on a Sophos machine:

2021-11-25 16:32:12SSL/TLS inspectionmessageid="19017" log_type="SSL" log_component="SSL" log_subtype="Error" severity="Information" user="me" src_ip="xxxxxxxx" dst_ip="23.36.239.66" user_group="xxxxxx" src_country="R1" dst_country="DEU" src_port="55661" dst_port="443" app_name="" app_id="0" category="Software Updates" category_id="68" con_id="1391491648" rule_id="0" profile_id="1" rule_name="System exclusions" profile_name="Maximum compatibility" bitmask="" key_type="KEY_TYPE__UNKNOWN" key_param="Unknown" fingerprint="" resumed="0" cert_chain_served="TRUE" cipher_suite="TLS_AES_256_GCM_SHA384" sni="www.sophos.com" tls_version="TLS1.3" reason="Server did not respond to client hello" exception="" message=""

I've been watching this for a few days now.



This thread was automatically locked due to age.
Parents
  • There are two different parts involved. 

    The exceptions and everything else is for the decryption part. But still the DPI is involved and checks the traffic. Therefore you still see this kind of traffic.

    Server did not respond to client hello can be a basic network issue in this particular stream, but the client can actually recover and re transmit the request. 

    So the main question: Do you have any kind of "problems" within your deployment? 

    __________________________________________________________________________________________________________________

Reply
  • There are two different parts involved. 

    The exceptions and everything else is for the decryption part. But still the DPI is involved and checks the traffic. Therefore you still see this kind of traffic.

    Server did not respond to client hello can be a basic network issue in this particular stream, but the client can actually recover and re transmit the request. 

    So the main question: Do you have any kind of "problems" within your deployment? 

    __________________________________________________________________________________________________________________

Children