Compose: SSL error: [SSL: TLSV1_ALERT_PROTOCOL_VERSION] tlsv1 alert protocol version (_ssl.c:590)

Created on 17 Jan 2019  Â·  6Comments  Â·  Source: docker/compose

Description of the issue

Context information (for bug reports)

Output of docker-compose version

docker-compose version 1.8.0, build unknown
docker-py version: 1.9.0
CPython version: 2.7.12
OpenSSL version: OpenSSL 1.0.2g  1 Mar 2016

Output of docker version

Client:
 Version:           18.09.1
 API version:       1.39
 Go version:        go1.10.6
 Git commit:        4c52b90
 Built:             Wed Jan  9 19:35:23 2019
 OS/Arch:           linux/amd64
 Experimental:      false

Server: Docker Engine - Community
 Engine:
  Version:          18.09.1
  API version:      1.39 (minimum version 1.12)
  Go version:       go1.10.6
  Git commit:       4c52b90
  Built:            Wed Jan  9 19:02:44 2019
  OS/Arch:          linux/amd64
  Experimental:     false

Output of docker-compose config
(Make sure to add the relevant -f and other flags)

networks: {}
services:
  web:
    build:
      context: /home/deni5n/RubymineProjects/untitled
    command: bundle exec rails s -p 3000 -b '0.0.0.0'
    environment:
      RAILS_ENV: production
    ports:
    - 3000:3000
    volumes:
    - /home/deni5n/RubymineProjects/untitled:/myapp:rw
version: '2.0'
volumes: {}

Steps to reproduce the issue

  1. eval $(docker-machine env tmp)
  2. docker-compose up
    it`s all

Observed result

error (((

Expected result

start docker container

Stacktrace / full error message

ERROR: SSL error: [SSL: TLSV1_ALERT_PROTOCOL_VERSION] tlsv1 alert protocol version (_ssl.c:590)

picture deni5n

Most helpful comment

set "export COMPOSE_TLS_VERSION=TLSv1_2" on my zsh

picture deni5n on 18 Jan 2019
👍6014 🎉13 🚀5 😄5

All 6 comments

set "export COMPOSE_TLS_VERSION=TLSv1_2" on my zsh

deni5n picture deni5n on 18 Jan 2019
👍6014 🎉13 🚀5 😄5

set "export COMPOSE_TLS_VERSION=TLSv1_2" on my zsh

set "export COMPOSE_TLS_VERSION=TLSv1_2" on my zsh

when I set TLSv1_2, I still got following errors:

(run_sandbox) lvlin@186590e02047 ~/Proj/onebox > export COMPOSE_TLS_VERSION=TLSv1_2
(run_sandbox) lvlin@186590e02047 ~/Proj/onebox > docker-compose -f metadb.yml up
WARNING: The "TLSv1_2" protocol is unavailable. You may need to update your version of Python or OpenSSL. Falling back to TLSv1 (default).
WARNING: The "TLSv1_2" protocol is unavailable. You may need to update your version of Python or OpenSSL. Falling back to TLSv1 (default).
ERROR: SSL error: HTTPSConnectionPool(host='192.168.99.100', port=2376): Max retries exceeded with url: /v1.25/info (Caused by SSLError(SSLError(1, u'[SSL: TLSV1_ALERT_PROTOCOL_VERSION] tlsv1 alert protocol version (_ssl.c:590)'),))

checking dockerd log in vm, it shows:

time="2019-02-07T14:41:22.539447147+08:00" level=info msg="API listen on [::]:2376"
time="2019-02-07T14:41:22.539531565+08:00" level=info msg="API listen on /var/run/docker.sock"
2019-02-07 14:41:28.665150 I | http: TLS handshake error from 192.168.99.1:52224: tls: client offered an unsupported, maximum protocol version of 301

it looks dockerd service doesn't support TLSv1_2. how to make both dockerd server and docker-compose cli align on TLS version?

linview picture linview on 7 Feb 2019

PS C:\TFS\guycarp-poc\guycarp-api> docker --version
Docker version 18.02.0-ce, build fc4de447b5
PS C:\TFS\guycarp-poc\guycarp-api> docker-compose --version
docker-compose version 1.19.0, build 9e633ef3
PS C:\TFS\guycarp-poc\guycarp-api> docker-machine env default
$Env:DOCKER_TLS_VERIFY = "1"
$Env:DOCKER_HOST = "tcp://192.168.99.102:2376"
$Env:DOCKER_CERT_PATH = "C:\Users\U1123452.docker\machine\machines\default"
$Env:DOCKER_MACHINE_NAME = "default"
$Env:COMPOSE_CONVERT_WINDOWS_PATHS = "true"
Run this command to configure your shell:
"C:\Program Files\Docker Toolbox\docker-machine.exe env default | Invoke-Expression"
PS C:\TFS\guycarp-poc\guycarp-api> docker-machine ls
| NAME | ACTIVE | DRIVER | STATE | URL | SWARM | DOCKER | ERRORS |
| --- | --- | --- | --- | --- | --- | --- | --- |
| default- virtualbox |Running | | Running |tcp://192.168.99.102:2376 || v18.09.6 |

PS C:\TFS\guycarp-poc\guycarp-api> docker-machine start default
Starting "default"...
Machine "default" is already running.
PS C:\TFS\guycarp-poc\guycarp-api>docker-compose -f .\docker-compose.yml up --build -d
ERROR: Couldn't connect to Docker daemon - you might need to run `docker-machine start default.

tusharbudhe0302 picture tusharbudhe0302 on 14 May 2019

@deni5n thanks man , you save me , i was stucked in 5 hours

rafaelmpessoa picture rafaelmpessoa on 24 Dec 2019

@deni5n 's solution worked for me, but is there a way this can be fixed within compose itself?

awalias picture awalias on 10 Feb 2020

Important to call this command:

set COMPOSE_TLS_VERSION=TLSv1_2

and not:
set "export COMPOSE_TLS_VERSION=TLSv1_2"

wowkin2 picture wowkin2 on 4 Nov 2020
Was this page helpful?
0 / 5 - 0 ratings

Related issues

dazorni picture dazorni  Â·  3Comments
giggio picture giggio  Â·  3Comments
davidbarratt picture davidbarratt  Â·  3Comments
komuw picture komuw  Â·  3Comments
CrimsonGlory picture CrimsonGlory  Â·  3Comments