devstack

Bug #1741097
Comment #0

Comment 0 for bug 1741097

Revision history for this message

Jim Rollenhagen (jim-rollenhagen) wrote on 2018-01-03: Installing pip fails on RHEL 7.1 with SSL error

RHEL 7 curl does not support TLS > 1.0 by default, per this bugzilla: https://bugzilla.redhat.com/show_bug.cgi?format=multiple&id=1170339

And it seems bootstrap.pypi.io only supports TLS 1.2: https://www.ssllabs.com/ssltest/analyze.html?d=bootstrap.pypa.io&s=151.101.192.175

Passing --tlsv1 to curl here will force curl to speak any TLS 1.x version.

Logs from devstack:

2018-01-03 18:01:49.425 | + tools/install_pip.sh:install_get_pip:87 : curl -f --retry 6 --retry-delay 5 -o /opt/stack/devstack/files/get-pip.py https://bootstrap.pypa.io/get-pip.py
2018-01-03 18:01:49.430 | % Total % Received % Xferd Average Speed Time Time Time Current
2018-01-03 18:01:49.430 | Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
2018-01-03 18:01:49.700 | curl: (35) Peer reports incompatible or unsupported protocol version.

and further tests:

$ curl -I -v https://bootstrap.pypa.io/get-pip.py
* About to connect() to bootstrap.pypa.io port 443 (#0)
* Trying 151.101.44.175...
* Connected to bootstrap.pypa.io (151.101.44.175) port 443 (#0)
* Initializing NSS with certpath: sql:/etc/pki/nssdb
* CAfile: /etc/pki/tls/certs/ca-bundle.crt
CApath: none
* NSS error -12190 (SSL_ERROR_PROTOCOL_VERSION_ALERT)
* Peer reports incompatible or unsupported protocol version.
* Closing connection 0
curl: (35) Peer reports incompatible or unsupported protocol version.
$ cat /etc/redhat-release
Red Hat Enterprise Linux Server release 7.4 (Maipo)