minio / kes

Key Management Server for Object Storage and more

Home Page: https://min.io/docs/kes/concepts/

KES status check causes log spam in Vault

ianroberts opened this issue · comments

Bug description

I have an installation of kes using Hashicorp Vault as the backing keystore, and every minute I see the following in the Vault logs:

[INFO]  http: TLS handshake error from {kes-ip}:{random-port}: EOF

This appears to be inevitable given the way that the once-per-minute status check in internal/vault/vault.go first attempts a simple TCP reachability check

state, err := key.DialStore(ctx, s.config.Endpoint)

before going on to make a proper TLS connection to fetch the Vault health data. This TCP check does not complete the TLS handshake, which triggers the error message on the server side.

Expected behavior

Since the Status function always follows the TCP check with a proper TLS connection, there seems little value in doing both checks - just the properly handshaken fetch of the health data would be sufficient to also check reachability.

Additional context

This kind of log spam is a known issue for anything that does plain TCP health checks against Vault, e.g. hashicorp/vault#7471
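A status check shaped the way this issue proposes, as an added example in Go that is not KES's own code: one fully handshaken TLS request to Vault's health endpoint yields both the reachability signal and the health data, so no half-open TCP connection is left for Vault to log. The endpoint path and the set of status codes come from Vault's documented /sys/health API; the VaultHealth type and CheckVault function are my own names.

```go
package main

import (
	"context"
	"encoding/json"
	"fmt"
	"net/http"
)

// VaultHealth is the subset of Vault's /v1/sys/health response that a status
// check needs.
type VaultHealth struct {
	Initialized bool `json:"initialized"`
	Sealed      bool `json:"sealed"`
	Standby     bool `json:"standby"`
}

// CheckVault performs a single, fully handshaken TLS request to Vault's health
// endpoint. Reachability falls out of the same request: a failed dial or TLS
// handshake surfaces as err, so no separate plain-TCP probe is needed. (A bare
// TCP connect that closes without sending a ClientHello is exactly what makes
// Vault log "http: TLS handshake error ... EOF".)
func CheckVault(ctx context.Context, client *http.Client, endpoint string) (VaultHealth, error) {
	var h VaultHealth
	req, err := http.NewRequestWithContext(ctx, http.MethodGet, endpoint+"/v1/sys/health", nil)
	if err != nil {
		return h, err
	}
	resp, err := client.Do(req)
	if err != nil {
		return h, fmt.Errorf("vault unreachable: %w", err)
	}
	defer resp.Body.Close()
	// Vault reports cluster state through the status code; every code below
	// still means "reachable and answering", so decode the body and return it.
	switch resp.StatusCode {
	case 200, 429, 472, 473, 501, 503:
	default:
		return h, fmt.Errorf("unexpected health status %d", resp.StatusCode)
	}
	if err := json.NewDecoder(resp.Body).Decode(&h); err != nil {
		return h, fmt.Errorf("decoding health response: %w", err)
	}
	return h, nil
}
```

Call it once per status interval with an http.Client whose TLS config trusts the Vault CA; a sealed or uninitialized Vault is still reported as reachable, with the condition visible in the returned VaultHealth.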