A large number of messages similar to the following are seen in the SSE########.log after enabling Secure ICAP on a Symantec Protection Engine (SPE).  The message are logged at regular intervals (e.g. every 1 second). 

Failed to complete TLS/SSL handshake initiated by TLS/SSL client. Error code: error:0A000126:SSL routines::unexpected eof while reading

In a packet capture there are a large number of conversations similar to the following.  

Client: SYN
SPE:    SYN, ACK
Client: ACK
Client: FIN, ACK
SPE:    FIN, ACK
Client: ACK

These conversations correlate with the messages in the SSE########.log.

An external device is performing TCP health checks, which do not complete the TLS/SSL handshake, on the Secure ICAP port.

This message is expected when SPE is configured for secure ICAP and the connecting client terminates the conversation before completing the TLS handshake. To prevent these entries, perform health checks using an ICAP OPTIONS request instead of a TCP health check. For more information on ICAP OPTIONS, see the Software Developer's Guide found in the "SPE Related Documents".

If a different error code is included in the log entry, see Protection Engine error messages Failed to complete TLS/SSL handshake initiated by TLS/SSL client.