Vault: transport connection broken: malformed HTTP response when TLS enabled.

Created on 23 Oct 2018 · 2 Comments · Source: hashicorp/vault

Enabling TLS is resulting in the following error:

```
$ vault status
Error checking seal status: Get http://127.0.0.1:8200/v1/sys/seal-status: net/http: HTTP/1.x transport connection broken: malformed HTTP response "\x15\x03\x01\x00\x02\x02"

$ vault operator init
Error initializing: Put http://127.0.0.1:8200/v1/sys/init: net/http: HTTP/1.x transport connection broken: malformed HTTP response "\x15\x03\x01\x00\x02\x02"
```

Environment:

  • Vault Server Version : 0.9.6
  • Vault CLI Version : Vault v0.9.6
  • Server Operating System/Architecture: Alpine

Vault server configuration file(s):

```
$ cat config.hcl
disable_mlock = true

storage "postgresql" {
  connection_url = "postgres://vault:vault@postgresql:5432/postgres?sslmode=disable"
}

listener "tcp" {
  address = "0.0.0.0:8200"
  tls_disable = 0
  tls_cert_file = "/etc/certs/vault-server.crt"
  tls_key_file = "/etc/certs/vault-server.key"
}

max_lease_ttl = "7200h"
default_lease_ttl = "7200h"
```

Everything works fine when TLS is disabled, tls_disable set to 1.

Vault logs:

```
==> Vault server configuration:

Cgo: disabled
Listener 1: tcp (addr: "0.0.0.0:8200", cluster address: "0.0.0.0:8201", tls: "enabled")
Log Level: info
Mlock: supported: true, enabled: false
Storage: postgresql
Version: Vault v0.9.6
Version Sha: 7e1fbde40afee241f81ef08700e7987d86fc7242

==> Vault server started! Log data will stream in below:
```

All 2 comments

It appears you have not updated your environment variable for using HTTPS. You are still connecting to http://... so setting the VAULT_ADDR environment variable should fix your issue.

This means the HTTP response is encrypted while you are expecting a plain text one because you set the VAULT_ADDR environment var. in HTTP. @chrishoffman thanks
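As an added example (not part of the original thread and not Vault's own code), the Go program below decodes the quoted bytes from the error message as a TLS record header, which shows that the listener answered the plaintext HTTP request with a TLS alert. The names `TLSRecord` and `DecodeQuoted` are hypothetical.

```go
package main

import (
	"errors"
	"fmt"
	"strconv"
)

// TLSRecord is the 5-byte TLS record header plus the alert level, if present.
type TLSRecord struct {
	ContentType  string
	Major, Minor byte // 3,1 is the TLS 1.0 record-layer version
	Length       int
	AlertLevel   string
}

var contentTypes = map[byte]string{20: "change_cipher_spec", 21: "alert", 22: "handshake", 23: "application_data"}
var alertLevels = map[byte]string{1: "warning", 2: "fatal"}

// DecodeQuoted takes the Go-quoted byte string that net/http prints after
// "malformed HTTP response" and interprets it as the start of a TLS record.
func DecodeQuoted(quoted string) (*TLSRecord, error) {
	raw, err := strconv.Unquote(quoted)
	if err != nil {
		return nil, fmt.Errorf("unquote: %w", err)
	}
	b := []byte(raw)
	if len(b) < 5 {
		return nil, errors.New("too short for a TLS record header")
	}
	ct, known := contentTypes[b[0]]
	if !known || b[1] != 3 {
		return nil, errors.New("not a TLS record")
	}
	rec := &TLSRecord{ContentType: ct, Major: b[1], Minor: b[2], Length: int(b[3])<<8 | int(b[4])}
	if ct == "alert" && len(b) > 5 {
		rec.AlertLevel = alertLevels[b[5]] // first payload byte of an alert is its level
	}
	return rec, nil
}

func main() {
	// Bytes copied from the error message in the report above.
	rec, err := DecodeQuoted(`"\x15\x03\x01\x00\x02\x02"`)
	if err != nil {
		fmt.Println("not TLS:", err)
		return
	}
	fmt.Printf("TLS %s record, version %d.%d, length %d, level %s\n", rec.ContentType, rec.Major, rec.Minor, rec.Length, rec.AlertLevel)
}
```

The quoted bytes stop after the alert level; the record length of 2 indicates that a description byte followed, which the error message does not show.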
