Broken TLS forwarding and handshake

[OleksandrMykytenko]

Hello, I'm running a pod with Hashicorp's Vault on board. kube-forwarder app works good when I'm using HTTP scheme for accessing Vault. However, yesterday I have switched Vault to HTTPS and for now kube-forwarder breaks TLS handshake. Please see the logs below:

> vault kv list test/test
Get "https://127.0.0.1:8200/v1/sys/internal/ui/mounts/test/test": tls: received record with version 301 when expecting version 303

And Vault log:

http: TLS handshake error from 127.0.0.1:59644: tls: received unexpected handshake message of type *tls.certificateMsg when waiting for *tls.clientHelloMsg

The strange thing is that it works for the very first request, and then is failing forever.

Tested port which was forwarded via kubectl port-forward and it works perfect.

[madogiwa]

I had a similar TLS handshake problem.
In my case, downgrading to version 1.5.0 solved the problem.

[simagick]

This also affects me. I can reproduce this error when using Kube Forwarder, but not kubectl port-forward

Kube Forwarder Versoin: 1.5.1 (1.5.1)
OS: 11.6.1 (20G224)
vault server: 1.9.1
vault client version(s) Vault v1.1.2 (cgo)
kubectl version:

Client Version: version.Info{Major:"1", Minor:"21", GitVersion:"v1.21.5", GitCommit:"aea7bbadd2fc0cd689de94a54e5b7b758869d691", GitTreeState:"clean", BuildDate:"2021-09-15T21:10:45Z", GoVersion:"go1.16.8", Compiler:"gc", Platform:"darwin/amd64"}
Server Version: version.Info{Major:"1", Minor:"20+", GitVersion:"v1.20.7-eks-d88609", GitCommit:"d886092805d5cc3a47ed5cf0c43de38ce442dfcb", GitTreeState:"clean", BuildDate:"2021-07-31T00:29:12Z", GoVersion:"go1.15.12", Compiler:"gc", Platform:"linux/amd64"}