When attempting to connect clients to the Symantec Endpoint Protection Manager (SEPM) using HTTPS, clients receive a WinInet 12157 error, "The application experienced an internal error loading the SSL libraries."
05/24 09:48:47.079  9:48:47=>HTTP REQUEST sent
05/24 09:48:47.079  <ParseErrorCode:>12157=>The application experienced an internal error loading the SSL libraries.
05/24 09:48:47.079  9:48:47=>QUERY return code
This error can occur when a client attempts to connect to the SEPM using an unsupported cipher suite, for example in environments where only TLS 1.2 is enforced. The cipher suite may not be supported by the operating system of the client or SEPM, or by the SEPM's integrated Apache configuration. For example, Windows operating systems where IE8 (Internet Explorer version 8) is still installed will not support TLS 1.2 communications and must be updated to IE11.
Ensure that all of the following are configured to allow the necessary ciphers: Windows OS (client- and SEPM-side), client IE, and SEPM Apache. The IE8 example above applies to SEP versions older than 14.2 (14.2.758); newer versions of SEP use cve (Communications Module) rather than sylink and are not affected by older IE versions.
Some older versions of Windows cannot use TLS 1.2. See "HTTPS communications fail to Endpoint Protection clients installed on Windows XP / Server 2003".
When clients connect to the SEPM over HTTPS, they must connect using a TLS cipher suite. If your client is defaulting to SSLv2/SSLv3 or to TLS versions that are disallowed in your environment, you can modify the settings on your SEP client (and/or on the SEPM) to allow only the correct ciphers.
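To see which side of the mismatch described above is responsible, the SEPM's HTTPS listener can be probed one protocol version at a time and the result compared with what the client is able to offer. This is an added example, not Symantec tooling; the host name, port 443 and the client capability set are assumptions to replace with your own values.

```python
import socket
import ssl

# Versions to test. The local OpenSSL build may refuse to offer TLS 1.0/1.1
# itself, in which case those versions are reported as rejected.
VERSIONS = {
    "TLS 1.0": ssl.TLSVersion.TLSv1,
    "TLS 1.1": ssl.TLSVersion.TLSv1_1,
    "TLS 1.2": ssl.TLSVersion.TLSv1_2,
}


def probe(host, port, version, timeout=5.0):
    """One handshake pinned to a single TLS version -> (ok, cipher or error)."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    # Diagnostic only: validation is off so an untrusted cert cannot mask the result.
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    try:
        ctx.minimum_version = version
        ctx.maximum_version = version
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                return True, tls.cipher()[0]
    except (OSError, ValueError) as exc:  # ssl.SSLError subclasses OSError
        return False, f"{type(exc).__name__}: {exc}"


def survey(host, port):
    """Probe every version in VERSIONS and return {name: (ok, detail)}."""
    return {name: probe(host, port, v) for name, v in VERSIONS.items()}


def diagnose(server_results, client_versions):
    """Compare what the server accepted with what the client can offer."""
    accepted = [n for n, (ok, _) in server_results.items() if ok]
    common = [n for n in accepted if n in client_versions]
    if not accepted:
        return "server accepted no probed version (check port and Apache config)"
    if not common:
        return ("no common protocol: server accepts " + ", ".join(accepted)
                + "; client offers " + ", ".join(sorted(client_versions)))
    return "common protocol available: " + ", ".join(common)


if __name__ == "__main__":
    results = survey("sepm.example.internal", 443)  # hypothetical host/port
    for name, (ok, detail) in results.items():
        print(f"{name}: {'accepted' if ok else 'rejected'} ({detail})")
    print(diagnose(results, {"TLS 1.0"}))  # assumed legacy-client capability
```

A "no common protocol" result points at the client OS or IE configuration; "server accepted no probed version" points at the SEPM side or the port.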
See related articles below.
Configuring TLS v1.2 communications between Endpoint Protection Manager 14 and clients
NOTE: Configuring Windows OS cipher suite restrictions incorrectly could disable networking for related applications. Customers should consult with Microsoft technical support concerning the two articles below:
Vulnerability in SSL 3.0 Could Allow Information Disclosure
How to restrict the use of certain cryptographic algorithms and protocols in Schannel.dll