search cancel

DLP Agent is not reporting with error Message:Libcurl Error: 35.

book

Article ID: 224029

calendar_today

Updated On:

Products

Data Loss Prevention Endpoint Prevent

Issue/Introduction

DLP Agent is not reporting to Endpoint Prevent Server. Ping and telnet from the agent to the Endpoint Prevent server are working fine. 

EDPA finest logs have the below error:

08/25/2021 02:15:12 | 18244 | FINEST  | Communication.CurlTransportLayer | Clearing DNS cache as FAILURE_TO_CONNECT error occurred

08/25/2021 02:15:12 | 18244 | FINEST  | Communication.CurlTransportLayer | TransportDisconnectionInformation [DisconnectReason: FAILURE_TO_CONNECT, TransportErrorCode: SERVER_REFUSED_CONNECTION, ErrorMessage:Libcurl Error: '35'. Error Message: SSL connect error. Last Error String: OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to x.x.x.x:10443

Endpoint Server aggregator logs have a lot of SSL Handshake fail errors as follows,

File: SymantecDLPLogs/Endpoint_Detection/logs/debug/Aggregator0.log

Date: 8/26/2021 4:02:11 PM

Class: com.symantec.dlp.communications.common.activitylogging.JavaLoggerImpl

Method: log

Level: WARNING

Message: 

javax.net.ssl.SSLHandshakeException: null cert chain

All the machines on the corporate network are facing the issue.

Cause

It was found that an SSL machine called "Webkeeper" was deployed on the office network. This SSL machine was doing SSL decryption and was causing SSL issues between the DLP agent and Endpoint Prevent Server.  

Resolution

Adding exceptions for DLP on the SSL machine fixed the issue.