App Control: console API access is failing with error SSL_ERROR_SYSCALL
Article ID: 288567
Updated On:
Products
Carbon Black App Control (formerly Cb Protection)
Issue/Introduction
- After installing the App Control Server the console API status is red in system configuration "advance options" tab.
- console is failing to complete several basic features like listing users, roles,. user management and pretty much any action that involves an API Call.
- The following error can be found in the PHPErrors logs:
[29-Dec-2020 09:53:48 PST] API Error from page /support.php: GET SERVERNAMEHERE/api/bit9platform/v1/serverConfig/ with params {"q":"name:ShowCDCImportButtons"} with options {"81":0,"64":0,"19913":1,"42":0,"156":61000,"10023":"[removed from logging]","10022":"[removed from logging]","10015":"[removed from logging]"} returned http code 0 and result in 0.0026419162750244 seconds
[29-Dec-2020 09:53:48 PST] Last Curl error: OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to SERVERNAMEHERE:443
Environment
- App Control Console: 8.X and higher
- Windows Server 2019
Cause
App Control Console does not support TLS 1.3.
Resolution
Apply one of the following actions:
- in the App Control sever open C:\Program Files (x86)\Bit9\Parity Console\WebUI\include\Objects\ApiCall.php and replace the variable $curlDefaultOptions (lines 295-392) with the following entry:
$curlDefaultOptions = array( CURLOPT_RETURNTRANSFER => 1, CURLOPT_HEADER => 0, CURLOPT_CONNECTTIMEOUT_MS => 61000, CURLOPT_SSL_VERIFYPEER => 0, CURLOPT_HTTPHEADER => $header, CURLOPT_SSLVERSION => CURL_SSLVERSION_MAX_TLSv1_2, CURLOPT_COOKIE => 'apiSessionId='.$token );save the change and replicate the issue.
- Disable TLS 1.3 in Windows Server
Additional Information
Please note that the error SSL_ERROR_SYSCALL is a generic openssl error and may be not related to this solution.
Feedback
Yes
No
Powered by
