RHEL 7 curl does not support TLS > 1.0 by default, per this bugzilla: https://bugzilla.redhat.com/show_bug.cgi?format=multiple&id=1170339
And it seems bootstrap.pypi.io only supports TLS 1.2: https://www.ssllabs.com/ssltest/analyze.html?d=bootstrap.pypa.io&s=151.101.192.175
Passing --tlsv1 to curl here will force curl to speak any TLS 1.x version.
Logs from devstack:
2018-01-03 18:01:49.425 | + tools/install_pip.sh:install_get_pip:87 : curl -f --retry 6 --retry-delay 5 -o /opt/stack/devstack/files/get-pip.py https://bootstrap.pypa.io/get-pip.py 2018-01-03 18:01:49.430 | % Total % Received % Xferd Average Speed Time Time Time Current 2018-01-03 18:01:49.430 | Dload Upload Total Spent Left Speed 0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0 2018-01-03 18:01:49.700 | curl: (35) Peer reports incompatible or unsupported protocol version.
and further tests:
$ curl -I -v https://bootstrap.pypa.io/get-pip.py * About to connect() to bootstrap.pypa.io port 443 (#0) * Trying 151.101.44.175... * Connected to bootstrap.pypa.io (151.101.44.175) port 443 (#0) * Initializing NSS with certpath: sql:/etc/pki/nssdb * CAfile: /etc/pki/tls/certs/ca-bundle.crt CApath: none * NSS error -12190 (SSL_ERROR_PROTOCOL_VERSION_ALERT) * Peer reports incompatible or unsupported protocol version. * Closing connection 0 curl: (35) Peer reports incompatible or unsupported protocol version. $ cat /etc/redhat-release Red Hat Enterprise Linux Server release 7.4 (Maipo)
RHEL 7 curl does not support TLS > 1.0 by default, per this bugzilla: https:/ /bugzilla. redhat. com/show_ bug.cgi? format= multiple& id=1170339
And it seems bootstrap.pypi.io only supports TLS 1.2: https:/ /www.ssllabs. com/ssltest/ analyze. html?d= bootstrap. pypa.io& s=151.101. 192.175
Passing --tlsv1 to curl here will force curl to speak any TLS 1.x version.
Logs from devstack:
2018-01-03 18:01:49.425 | + tools/install_ pip.sh: install_ get_pip: 87 : curl -f --retry 6 --retry-delay 5 -o /opt/stack/ devstack/ files/get- pip.py https:/ /bootstrap. pypa.io/ get-pip. py
2018-01-03 18:01:49.430 | % Total % Received % Xferd Average Speed Time Time Time Current
2018-01-03 18:01:49.430 | Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
2018-01-03 18:01:49.700 | curl: (35) Peer reports incompatible or unsupported protocol version.
and further tests:
$ curl -I -v https:/ /bootstrap. pypa.io/ get-pip. py tls/certs/ ca-bundle. crt PROTOCOL_ VERSION_ ALERT)
* About to connect() to bootstrap.pypa.io port 443 (#0)
* Trying 151.101.44.175...
* Connected to bootstrap.pypa.io (151.101.44.175) port 443 (#0)
* Initializing NSS with certpath: sql:/etc/pki/nssdb
* CAfile: /etc/pki/
CApath: none
* NSS error -12190 (SSL_ERROR_
* Peer reports incompatible or unsupported protocol version.
* Closing connection 0
curl: (35) Peer reports incompatible or unsupported protocol version.
$ cat /etc/redhat-release
Red Hat Enterprise Linux Server release 7.4 (Maipo)