TLS handshake timeout when running most TF commands

[jkaye31]

This issue first came up when trying to run terraform plan on a repo that I had been working on a few days earlier. I was on my company's VPN and I was receiving TLS handshake timeouts. Here's the output for that error:

Error: error using credentials to get account ID: error calling sts:GetCallerIdentity: RequestError: send request failed
caused by: Post https://sts.amazonaws.com/: net/http: TLS handshake timeout

When I returned to the office, the error persisted. This has also happened to remote co-worker in my organization. I tried using sudo, I tried creating new users on the machine, and I've tested this on different networks. I can successfully run aws sts get-caller-identity. I also tested this with TF11 and I'm getting the same problem.

Terraform Version

Terraform v0.12.12 (also tested with v0.11.14)

Terraform Configuration Files

Happening on init even so config files aren't relevant

Debug Output

https://gist.github.com/jkaye31/762fcbafb1f64b05a52c66bde3890377

Expected Behavior

Should be able to run terraform commands

Actual Behavior

Receiving a TLS handshake timeout

Steps to Reproduce

1. terraform init 

[rlonberg]

Regarding the following timeout error described above:

Checkpoint error: Get https://checkpoint-api.hashicorp.com/v1/check/terraform?arch=amd64&os=darwin&signature=076e151e-3873-c631-f6ad-96fb7d670643&version=0.12.12: net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers)

Tested this with @jkaye31 and we were unable to reproduce the timeout in his terminal w/ an nc test

[Doug-North]

Using 0.12.16
Also occurs with terraform plan.
Cannot deploy anything.

Output of Terraform Init: terraform init -reconfigure -backend=true -backend-config="S3.config:

Initializing modules...

Initializing the backend...

Error: error using credentials to get account ID: error calling sts:GetCallerIdentity: RequestError: send request failed
caused by: Post https://sts.amazonaws.com/: net/http: TLS handshake timeout

[Doug-North]

Possible fix...

I literally terminated my terminal (using iterm2 (Build 3.2.6)), tried again and it worked.

I'm afraid I can't explain the behaviour.

[danieldreier]

@Doug-North @jkaye31 I am very interested in this issue because it seems like a show-stopper when it happens, but lacking a reproduction case I don't know how to move forward on reproducing it. Many enterprise networks have transparent HTTP proxies that transparently intercept HTTPS / TLS requests, so I am wondering if working on your VPN causes you to be subject to a slow or intermittently failing transparent TLS proxy.

I'm going to close this for now because it's not actionable, but if you keep running into this please re-open or file a new issue.

[MichaelCurrin]

Some more info on this. I work with @jkaye31 but from a different location and experienced the same problem on init, using various TF providers.

I have tried clearing files (in particular .terraform.d/checkpoint_signature) and also reinstalling TF. I tried at home without VPN and the problem persisted.

For OS, I am using macOS Mojave version 10.14.5.

[MichaelCurrin]

I didn't change anything since my last comment but the error is now resolved.

In case version is related, after terraform init ran, I also got prompted to upgrade from v0.12.16 to v0.12.18.

[jkaye31]

Just updated the version to v0.12.18 but still not working for me

[ghost]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.