{
  "id": "communication/grpc-connection-reset-by-peer-tls",
  "signature": "rpc error: code = Unavailable desc = connection closed before server preface received",
  "signature_zh": "rpc错误：代码 = Unavailable 描述 = 在收到服务器前言前连接已关闭",
  "regex": "connection closed before server preface received|Unavailable.*connection closed",
  "domain": "communication",
  "category": "network_error",
  "subcategory": null,
  "root_cause": "gRPC client fails to receive the HTTP/2 server preface (the initial SETTINGS frame) due to TLS handshake failure, proxy timeout, or server not supporting HTTP/2 over the negotiated protocol.",
  "root_cause_type": "generic",
  "root_cause_zh": "gRPC客户端因TLS握手失败、代理超时或服务器不支持协商协议上的HTTP/2而无法收到HTTP/2服务器前言（初始SETTINGS帧）。",
  "versions": [
    {
      "version": "gRPC Go v1.62.0",
      "introduced": null,
      "deprecated": null,
      "removed": null,
      "behavior_change": null,
      "status": "active"
    },
    {
      "version": "gRPC Python v1.60.0",
      "introduced": null,
      "deprecated": null,
      "removed": null,
      "behavior_change": null,
      "status": "active"
    },
    {
      "version": "gRPC Java v1.61.0",
      "introduced": null,
      "deprecated": null,
      "removed": null,
      "behavior_change": null,
      "status": "active"
    },
    {
      "version": "Envoy proxy v1.29.0",
      "introduced": null,
      "deprecated": null,
      "removed": null,
      "behavior_change": null,
      "status": "active"
    },
    {
      "version": "NGINX 1.25.3",
      "introduced": null,
      "deprecated": null,
      "removed": null,
      "behavior_change": null,
      "status": "active"
    }
  ],
  "os_specific": {},
  "dead_ends": [
    {
      "action": "Disable TLS entirely and use plaintext gRPC",
      "why_fails": "Disabling TLS removes encryption and server authentication, exposing traffic to eavesdropping and tampering, and violates security policies; the error may also persist if the root cause is a proxy timeout rather than TLS.",
      "fail_rate": 0.8,
      "condition": "",
      "sources": []
    },
    {
      "action": "Increase the gRPC client timeout to a very high value (e.g., 5 minutes)",
      "why_fails": "A high timeout does not fix the underlying issue—if the server never sends the preface, the connection will still be closed after a long delay.",
      "fail_rate": 0.85,
      "condition": "",
      "sources": []
    },
    {
      "action": "Use HTTP/1.1 instead of HTTP/2 in the proxy configuration",
      "why_fails": "gRPC requires HTTP/2; downgrading to HTTP/1.1 breaks gRPC streaming and causes different errors like 'Unimplemented'.",
      "fail_rate": 0.95,
      "condition": "",
      "sources": []
    }
  ],
  "workarounds": [
    {
      "action": "Verify TLS configuration on the server: ensure the server supports HTTP/2 (requires ALPN with h2). For NGINX, add 'http2 on;' and 'ssl_protocols TLSv1.2 TLSv1.3;' to the server block.",
      "success_rate": 0.85,
      "how": "Verify TLS configuration on the server: ensure the server supports HTTP/2 (requires ALPN with h2). For NGINX, add 'http2 on;' and 'ssl_protocols TLSv1.2 TLSv1.3;' to the server block.",
      "condition": "",
      "sources": []
    },
    {
      "action": "Check if a proxy (e.g., Envoy, NGINX) is failing to negotiate h2 via the TLS ALPN extension or not forwarding HTTP/2; configure the proxy to pass through HTTP/2: for Envoy, set 'typed_config: \"type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager\"' with 'codec_type: AUTO'.",
      "success_rate": 0.8,
      "how": "Check if a proxy (e.g., Envoy, NGINX) is failing to negotiate h2 via the TLS ALPN extension or not forwarding HTTP/2; configure the proxy to pass through HTTP/2: for Envoy, set 'typed_config: \"type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager\"' with 'codec_type: AUTO'.",
      "condition": "",
      "sources": []
    }
  ],
  "workarounds_zh": [
    "Verify TLS configuration on the server: ensure the server supports HTTP/2 (requires ALPN with h2). For NGINX, add 'http2 on;' and 'ssl_protocols TLSv1.2 TLSv1.3;' to the server block.",
    "Check if a proxy (e.g., Envoy, NGINX) is failing to negotiate h2 via the TLS ALPN extension or not forwarding HTTP/2; configure the proxy to pass through HTTP/2: for Envoy, set 'typed_config: \"type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager\"' with 'codec_type: AUTO'."
  ],
  "transition_graph": {
    "leads_to": [],
    "preceded_by": [],
    "frequently_confused_with": []
  },
  "official_doc_url": "https://grpc.io/docs/guides/error/",
  "official_doc_section": null,
  "error_code": null,
  "verification_tier": "ai_generated",
  "confidence": 0.87,
  "fix_success_rate": 0.83,
  "resolvable": "true",
  "first_seen": "2024-06-15",
  "last_confirmed": "2024-06-01",
  "last_updated": "2024-06-01",
  "evidence_count": 1,
  "tags": [],
  "locale": "en",
  "aliases": []
}