Terraform provider downloads fail with TLS handshake timeout

Terraform Version


Expected Behavior

We are running terraform as part of a Jenkins CI system. Basically every job builds a docker container containing terraform and then executes a tectonic installer in said container.

Terraform should download the providers and their checksums

Actual Behavior

```
Error installing provider "aws": error fetching checksums: Get net/http: TLS handshake timeout.

Terraform analyses the configuration and state and automatically downloads plugins for the providers used. However, when attempting to download this plugin an unexpected error occured.

This may be caused if for some reason Terraform is unable to reach the plugin repository. The repository may be unreachable if access is blocked by a firewall.
```

This happens with several other providers as well.

Steps to Reproduce

Please list the steps required to reproduce the issue, for example:

  1. Run terraform apply inside a container which runs a container executing terraform apply

Important Factoids

I attached to the container running terraform and executed curl:

```
root@jenkins-slave-4s7xc-r828q:~# docker exec -it 3e85ee5a4d9b curl -v
* Hostname was NOT found in DNS cache
* Trying
* Connected to ( port 443 (#0)
* successfully set certificate verify locations:
* CAfile: none CApath: /etc/ssl/certs
* SSLv3, TLS handshake, Client hello (1):
* SSLv3, TLS handshake, Server hello (2):
* SSLv3, TLS handshake, CERT (11):
* SSLv3, TLS handshake, Server key exchange (12):
* SSLv3, TLS handshake, Server finished (14):
* SSLv3, TLS handshake, Client key exchange (16):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-RSA-AES128-GCM-SHA256
* Server certificate:
* subject: C=US; ST=California; L=San Francisco; O=Fastly, Inc;
* start date: 2017-06-19 20:08:43 GMT
* expire date: 2018-06-20 20:08:43 GMT
* subjectAltName: matched
* issuer: C=BE; O=GlobalSign nv-sa; CN=GlobalSign CloudSSL CA - SHA256 - G3
* SSL certificate verify ok.

GET /terraform-provider-tls/0.1.0/terraform-provider-tls_0.1.0_SHA256SUMS HTTP/1.1
User-Agent: curl/7.38.0
Host:
Accept: /

< HTTP/1.1 200 OK
<
```

So there must be a difference in how curl handles TLS and how terraform does it.


Answer from dgmorales

I'm on Mojave 10.14.5, and I'm getting the same "net/http: TLS handshake timeout" message on init when it tries to access my remote state backend on azurerm. Puzzling as it is, sudoing works, especially because I'm using sudo -E to preserve the environment (to access the ARM_ACCESS_KEY env var I've set on my regular user session).

```
terraform init
Initializing modules...

Initializing the backend...

Error: Failed to get existing workspaces: Get net/http: TLS handshake timeout
```

Additionally, terraform plan works fine without sudo, even though it also has to access the state.
