search cancel

DLP Agent is not reporting with error Message:Libcurl Error: 35.


Article ID: 224029


Updated On:


Data Loss Prevention Endpoint Prevent


DLP Agent is not reporting to Endpoint Prevent Server. Ping and telnet from the agent to the Endpoint Prevent server are working fine. 

EDPA finest logs have the below error:

08/25/2021 02:15:12 | 18244 | FINEST  | Communication.CurlTransportLayer | Clearing DNS cache as FAILURE_TO_CONNECT error occurred

08/25/2021 02:15:12 | 18244 | FINEST  | Communication.CurlTransportLayer | TransportDisconnectionInformation [DisconnectReason: FAILURE_TO_CONNECT, TransportErrorCode: SERVER_REFUSED_CONNECTION, ErrorMessage:Libcurl Error: '35'. Error Message: SSL connect error. Last Error String: OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to x.x.x.x:10443

Endpoint Server aggregator logs have a lot of SSL Handshake fail errors as follows,

File: SymantecDLPLogs/Endpoint_Detection/logs/debug/Aggregator0.log

Date: 8/26/2021 4:02:11 PM


Method: log


Message: null cert chain

All the machines on the corporate network are facing the issue.


It was found that an SSL machine called "Webkeeper" was deployed on the office network. This SSL machine was doing SSL decryption and was causing SSL issues between the DLP agent and Endpoint Prevent Server.  


Adding exceptions for DLP on the SSL machine fixed the issue.