The stderr.log file is rapidly growing in size and contains many org.bouncycastle.tls.TlsFatalAlert entries
Last Modified: 2023-07-31 04:59:32 Etc/GMT
Affected Products
Languages:
This article is available in the following languages:
Trellix CEO, Bryan Palma, explains the critical need for security that’s always learning.
As per Gartner, "XDR is an emerging technology that can offer improved threat prevention, detection and response."
Trellix announced the establishment of the Trellix Advanced Research Center to advance global threat intelligence.
Trellix Advanced Research Center analyzes threat data on ransomware, nation-states, sectors, vectors, LotL, MITRE ATT&CK techniques, and emails.
As of May 14, 2024, Knowledge Base (KB) articles will only be published and updated in our new Trellix Thrive Knowledge space.
Log in to the Thrive Portal using your OKTA credentials and start searching the new space. Legacy KB IDs are indexed and you will be able to find them easily just by typing the legacy KB ID.
The stderr.log file is rapidly growing in size and contains many org.bouncycastle.tls.TlsFatalAlert entries
Technical Articles ID:
KB91726
Last Modified: 2023-07-31 04:59:32 Etc/GMT Environment
ePolicy Orchestrator (ePO) 5.10.x For details of ePO-supported environments, see KB51569 - Supported platforms for ePolicy Orchestrator. Problem
The INFO: Server raised fatal(2) protocol_version(70) alert: Failed to process record org.bouncycastle.tls.TlsFatalAlert: protocol_version(70) At org.bouncycastle.jsse.provider.ProvTlsServer.getServerVersion(Unknown Source) At org.bouncycastle.tls.TlsServerProtocol.sendServerHelloMessage(Unknown Source) ... At org.bouncycastle.jsse.provider.ProvSSLEngine.unwrap(Unknown Source) At javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:624) At org.apache.tomcat.util.net.SecureNioChannel.handshakeUnwrap(SecureNioChannel.java:350) At org.apache.tomcat.util.net.SecureNioChannel.handshake(SecureNioChannel.java:209) At org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1751) At org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1734) At java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) At java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) At org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) At java.lang.Thread.run(Thread.java:748) Cause
The ePO server cipher suites aren't in the correct order.
Solution
Manually reorder the cipher suites on the ePO server with a Windows Group Policy. For detailed steps, see this Microsoft documentation.
For the cipher suite list priority order, follow the order list in the "New default priority order for these versions of Windows" section in this Microsoft article. Related Information
To view other known and resolved ePO 5.10.x known issues, see KB90382 - ePolicy Orchestrator 5.10.x Known Issues.
Affected ProductsLanguages:This article is available in the following languages: |
|