#TLS Handshake errors

Getting the following tls handshake errors on trident 23.01

2023/03/03 16:22:14 http: TLS handshake error from <nodeip>:38338: EOF
2023/03/03 16:22:24 http: TLS handshake error from <nodeip>:38644: EOF

This causes the trident-node-linux pods to restart regularly. I haven't done anything with certs or tls config. I simply ran ./tridentctl install --use-custom-yaml -n trident to install. The only thing I changed in the yaml files were resource requests/limits, and the locations for the container images since we don't have access to public docker registries internally. Should I have done something with the certs prior to deployment?

Are you using FIPS?

Possibly.... https://kb.netapp.com/Advice_and_Troubleshooting/Cloud_Services/Astra_Trident/Trident_does_not_run_due_to_TLSv1.2_mismatch_on_Openshift_FIPS_setup

We're not running openshift, these are bare metal nodes running flatcar. But i tried the solution in that article, and now the trident-main container is failing with: ```
Warning Unhealthy 30m (x8 over 50m) kubelet Startup probe failed: OCI runtime exec failed: exec failed: container_linux.go:349: starting container process caused "exec: "curl": executable file not found in $PATH": unknown

That means that curl isn't installed on the K8S worker node.

It looks like there are several reported issues with TLS handshake errors outside of Trident. This includes a reported bug in Go: https://github.com/golang/go/issues/50984

hm, yeah we don't have curl installed on the hosts...what is suggested in this case? Should we roll back to an earlier version of trident that doesn't rely on tls 1.3?

I don't think your issue is TLS 1.3 since "tls: client offered only unsupported versions" isn't part of the error message you're reporting.