Environment
- App Control Console: 8.X and higher
- Windows Server 2019
Symptoms
- After installing the App Control Server the console API status is red in system configuration "advance options" tab.
- console is failing to complete several basic features like listing users, roles,. user management and pretty much any action that involves an API Call.
- The following error can be found in the PHPErrors logs:
[29-Dec-2020 09:53:48 PST] API Error from page /support.php: GET SERVERNAMEHERE/api/bit9platform/v1/serverConfig/ with params {"q":"name:ShowCDCImportButtons"} with options {"81":0,"64":0,"19913":1,"42":0,"156":61000,"10023":"[removed from logging]","10022":"[removed from logging]","10015":"[removed from logging]"} returned http code 0 and result in 0.0026419162750244 seconds
[29-Dec-2020 09:53:48 PST] Last Curl error: OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to SERVERNAMEHERE:443Cause
App Control Console does not support TLS 1.3.
Resolution
Apply one of the following actions:
- in the App Control sever open C:\Program Files (x86)\Bit9\Parity Console\WebUI\include\Objects\ApiCall.php and replace the variable $curlDefaultOptions (lines 295-392) with the following entry:
$curlDefaultOptions = array(
CURLOPT_RETURNTRANSFER => 1,
CURLOPT_HEADER => 0,
CURLOPT_CONNECTTIMEOUT_MS => 61000,
CURLOPT_SSL_VERIFYPEER => 0,
CURLOPT_HTTPHEADER => $header,
CURLOPT_SSLVERSION => CURL_SSLVERSION_MAX_TLSv1_2,
CURLOPT_COOKIE => 'apiSessionId='.$token
);
save the change and replicate the issue.
- Disable TLS 1.3 in Windows Server
Additional Notes
Please note that the error SSL_ERROR_SYSCALL is a generic openssl error and may be not related to this solution.
