search cancel

Cannot download WSS logs via SyncAPI after October 28 2022


Article ID: 253450


Updated On:


Standard Web Security


SIEM API client downloading WSS HTTP logs via the SyncAPI endpoint.

WSS logs have been downloading and ingesting correctly into SIEM until October 28 2022 when no new logs are visible.

Downloading the same logs using curl working fine.

SIEM logs showing TLS handshake errors as shown below:

SSL routines:ssl3_read_bytes:sslv3 alert handshake failure


TLS 1.1 support has been removed from the Portal, impacting all requests into Portal and not just the WSS administration tool.

SIEM client was set to use TLS 1.1 which failed.


Make sure that your SIEM client uses TLS 1.2 and greater for all requests into the SyncAPI endpoint.

Additional Information

Curl worked well because curl defaults to using TLS 1.3 in the setup. Curl parameters exist to force a TLS 1.1 session where the issue was seen.

$ curl "" -H "X-APIUsername:xxxxxxx" -H "X-APIPassword:yyyyy" -o /dev/null --tlsv1.1 --tls-max 1.1
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
curl: (35) error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure