http: TLS handshake error from


Hridyesh Pant

Apr 3, 2016, 4:01:51 AM
to Vault
Hi,
We keep getting the messages below; however, Vault is working fine.

2016/04/02 07:22:13 http: TLS handshake error from 10.2.80.79:17861: EOF
2016/04/02 07:22:14 http: TLS handshake error from 10.2.80.17:26794: EOF
2016/04/02 07:22:23 http: TLS handshake error from 10.2.80.79:17862: EOF
2016/04/02 07:22:24 http: TLS handshake error from 10.2.80.17:26799: EOF
2016/04/02 07:22:33 http: TLS handshake error from 10.2.80.79:17866: EOF
2016/04/02 07:22:34 http: TLS handshake error from 10.2.80.17:26800: EOF
2016/04/02 07:22:43 http: TLS handshake error from 10.2.80.79:17869: EOF
2016/04/02 07:22:44 http: TLS handshake error from 10.2.80.17:26803: EOF
2016/04/02 07:22:53 http: TLS handshake error from 10.2.80.79:17873: EOF
2016/04/02 07:22:54 http: TLS handshake error from 10.2.80.17:26806: EOF
2016/04/02 07:23:02 http: TLS handshake error from 10.2.80.79:17881: tls: client offered an unsupported, maximum protocol version of 301

The IPs (10.2.80.79 and 10.2.80.17) do not match any configuration file. Wondering why we are getting these messages in the log file?

backend "dynamodb" {
  table = "AAA"
  region = "us-west-2"
  advertise_addr ="https://10.1.98.29:8200"
  recovery_mode=1
}
listener "tcp" {
  address = "127.0.0.1:8200"
  tls_disable = 1
}
listener "tcp" {
  address = "10.1.98.29:8200"
  tls_disable = 0
  tls_cert_file = "/opt/vault/server.crt"
  tls_key_file = "/opt/vault/server.key"
}

Vault version: 0.5.2

--Thanks
Hridyesh

Hridyesh Pant

Apr 3, 2016, 7:35:19 AM
to Vault
I have now removed the ELB health check (TCP:8200). Now I am not seeing errors like 2016/04/02 07:22:13 http: TLS handshake error from 10.2.80.79:17861: EOF.
But I am still seeing the messages below, and I could not find these IPs in 10.1.82.220 and 10.1.84.175. Is the ELB still playing a role here? The Vault server is behind the ELB.

2016/04/03 11:25:16 http: TLS handshake error from 10.1.82.220:48778: tls: client offered an unsupported, maximum protocol version of 301
2016/04/03 11:28:31 http: TLS handshake error from 10.1.84.175:32750: tls: client offered an unsupported, maximum protocol version of 301
2016/04/03 11:30:21 http: TLS handshake error from 10.1.82.220:48915: tls: client offered an unsupported, maximum protocol version of 301

--Thanks
Hridyesh

Jeff Mitchell

Apr 4, 2016, 10:21:40 AM
to vault...@googlegroups.com
Hi Hridyesh,

This happens when a client tries to connect with TLS 1.1 but Vault is
only configured for TLS 1.2. Often this is seen with ELB health
checks, although you said you have disabled them. I'm not sure what's
causing them as I don't know what is at the IP addresses specified,
but it's only a problem if your clients are having trouble connecting!

Best,
Jeff
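Added example, not part of the thread and not Vault's own code: a small Python triage script that groups these handshake errors by source address, separates connections that closed during the handshake (the EOF lines) from version rejections, and reports the median gap between events per source so periodic probes stand out. It assumes the trailing number in the message is the client's maximum version in hexadecimal wire form (0x0301 is TLS 1.0, 0x0302 is TLS 1.1); the sample log is constructed in the format quoted in the thread.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime
from statistics import median

# Constructed sample, in the log format quoted in the thread.
SAMPLE_LOG = """\
2016/04/02 07:22:13 http: TLS handshake error from 10.2.80.79:17861: EOF
2016/04/02 07:22:23 http: TLS handshake error from 10.2.80.79:17862: EOF
2016/04/02 07:22:33 http: TLS handshake error from 10.2.80.79:17866: EOF
2016/04/03 11:25:16 http: TLS handshake error from 10.1.82.220:48778: tls: client offered an unsupported, maximum protocol version of 301
2016/04/03 11:30:21 http: TLS handshake error from 10.1.82.220:48915: tls: client offered an unsupported, maximum protocol version of 301
"""

LINE_RE = re.compile(r"^(\d{4}/\d\d/\d\d \d\d:\d\d:\d\d) http: TLS handshake error "
                     r"from (\S+):(\d+): (.*)$")
VERSION_RE = re.compile(r"maximum protocol version of ([0-9a-f]+)$")
# ProtocolVersion values as they appear on the wire.
WIRE_VERSIONS = {0x0300: "SSL 3.0", 0x0301: "TLS 1.0", 0x0302: "TLS 1.1", 0x0303: "TLS 1.2"}

def classify(reason):
    """Map the error text after the peer address to a short category."""
    if reason == "EOF":
        # Peer closed the socket mid-handshake, e.g. a plain TCP probe.
        return "closed during handshake"
    m = VERSION_RE.search(reason)
    if m:
        code = int(m.group(1), 16)  # assumption: the value is printed in hex
        return "max version " + WIRE_VERSIONS.get(code, "unknown 0x%04x" % code)
    return "other"

def summarize(log_text):
    """Return {source_ip: {"counts": Counter, "period_s": median gap or None}}."""
    seen = defaultdict(list)
    for line in log_text.splitlines():
        if m := LINE_RE.match(line.strip()):
            ts = datetime.strptime(m.group(1), "%Y/%m/%d %H:%M:%S")
            seen[m.group(2)].append((ts, classify(m.group(4))))
    report = {}
    for ip, events in seen.items():
        times = sorted(t for t, _ in events)
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        report[ip] = {"counts": Counter(c for _, c in events),
                      "period_s": median(gaps) if gaps else None}
    return report

if __name__ == "__main__":
    for ip, info in sorted(summarize(SAMPLE_LOG).items()):
        print(ip, dict(info["counts"]), "median gap (s):", info["period_s"])
```

A source that only ever produces the EOF category at a fixed period is consistent with a TCP-level health check; a source in a "max version" category is a TLS client worth identifying and upgrading.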