You have Symantec Protection Engine (SPE) configured for Secure ICAP and see the following error in the logs:
Failed to complete TLS/SSL handshake initiated by TLS/SSL client. Error code: error:1408F10B:SSL routines:ssl3_get_record:wrong version number
Protection Engine received a request that was not using TLS when configured to use Secure ICAP. This can happen if you enable Secure ICAP but do not configure your connector/client to connect via TLS/SSL before sending an ICAP request.
Check SPE configuration to confirm that basic ICAP is set to port 1344 and secure ICAP is set to port 11344.
Ensure all clients/connectors are configured to connect via TLS/SSL before sending an ICAP request.
Example: ssecls.exe -secure true -verifycert false -server 127.0.0.1:11344:0:true "C:\Program Files\Symantec\Scan Engine\cmdLineScanner\C\ssecls.exe"
For more information on ssecls see documentation
Protection Engine Development have released a patched version of ssecls for Linux to fix a known issue that can also cause this error. Please see attached file "ssecls-5.4.0-8.2.2_1665783251910.zip"
Here are the steps to rename the current ssecls and replace it with this file:
mv /opt/SYMCScan/ssecls/C/ssecls /opt/SYMCScan/ssecls/C/ssecls-old
mv ssecls /opt/SYMCScan/ssecls/C/ssecls
chmod +x ssecls
Then please run the new ssecls with the same command.
Please also see the following.