net/http: TLS handshake timeout

3,638 views
Skip to first unread message

Weisin Chong

unread,
Jan 25, 2019, 3:02:41 PM1/25/19
to Vault
I am getting "net/http: TLS handshake timeout" when using the vault cli

$ vault status
Error checking seal status: Get https://xx.xx.xx.xx/v1/sys/seal-status: net/http: TLS handshake timeout

but not when I call the API directly:

{"type":"shamir","initialized":true,"sealed":false,"t":1,"n":1,"progress":0,"nonce":"","version":"1.0.0+prem.hsm","migration":false,"cluster_name":"xx-xx-xx","cluster_id":"xxxxxxxxxxxxxxxxxxxx","recovery_seal":true}

I've been scratching my head on this for a few days... Any idea why the TLS handshake timeout with the cli and not calling the api?

Thanks.

Lowe Schmidt

unread,
Jan 26, 2019, 4:51:06 AM1/26/19
to vault...@googlegroups.com
Do you have port configured for VAULT_ADDR ? It should look something like "https://my.vault.instance:8200" (or 443 if behind an LB)
--
Lowe Schmidt | +46 723 867 157


--
This mailing list is governed under the HashiCorp Community Guidelines - https://www.hashicorp.com/community-guidelines.html. Behavior in violation of those guidelines may result in your removal from this mailing list.
 
GitHub Issues: https://github.com/hashicorp/vault/issues
IRC: #vault-tool on Freenode
---
You received this message because you are subscribed to the Google Groups "Vault" group.
To unsubscribe from this group and stop receiving emails from it, send an email to vault-tool+...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/vault-tool/caba7668-5ede-425a-94eb-b7462b399b28%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Weisin Chong

unread,
Jan 26, 2019, 5:40:47 PM1/26/19
to Vault
I tried appending 443 but still I am getting the net/http: TLS handshake timeout. Error:

$ VAULT_ADDR=https://some-domain.com:443 ./vault status
Error checking seal status: Get https://some-domain.com:443/v1/sys/seal-status: net/http: TLS handshake timeout

Jeff Mitchell

unread,
Jan 26, 2019, 6:15:47 PM1/26/19
to Vault
This behavior suggests a firewall that is dropping the connections silently. My suspicion is that it's due to user agent difference.

Best,
Jeff

To view this discussion on the web visit https://groups.google.com/d/msgid/vault-tool/75b3f467-9957-40f7-a7e8-7ed78a1c8ba2%40googlegroups.com.
Reply all
Reply to author
Forward
0 new messages