VIC Reports "SSL error: [SSL: TLSV1_ALERT_PROTOCOL_VERSION]" for Docker-Compose
search cancel

VIC Reports "SSL error: [SSL: TLSV1_ALERT_PROTOCOL_VERSION]" for Docker-Compose

book

Article ID: 340134

calendar_today

Updated On:

Products

VMware vSphere ESXi

Issue/Introduction

Symptoms:
  • Running docker-compose commands with option "--tls" or "--tlsverify" results in the message:

 

ERROR: SSL error: [SSL: TLSV1_ALERT_PROTOCOL_VERSION] tlsv1 alert protocol version (_ssl.c:661)

 

  • If the command docker-compose is ran with the option "--verbose" the results similar to:
# docker-compose --verbose --tls --tlscacert ./server-cert.pem -H <VCH_IP>:2376 -f docker-compose.yml up -d
compose.config.config.find: Using configuration files: ./Multi-Container_Applications.yml
docker.auth.find_config_file: Trying paths: ['/root/.docker/config.json', '/root/.dockercfg']
docker.auth.find_config_file: No config file found
urllib3.connectionpool._new_conn: Starting new HTTPS connection (1): 192.168.100.50
Traceback (most recent call last):
  File "bin/docker-compose", line 6, in <module>
  File "compose/cli/main.py", line 71, in main
  File "compose/cli/main.py", line 121, in perform_command
  File "compose/cli/command.py", line 37, in project_from_options
  File "compose/cli/command.py", line 99, in get_project
  File "compose/cli/command.py", line 74, in get_client
  File "site-packages/docker/api/daemon.py", line 177, in version
  File "site-packages/docker/utils/decorators.py", line 46, in inner
  File "site-packages/docker/api/client.py", line 191, in _get
  File "site-packages/requests/sessions.py", line 521, in get
  File "site-packages/requests/sessions.py", line 508, in request
  File "site-packages/requests/sessions.py", line 618, in send
  File "site-packages/requests/adapters.py", line 519, in send
requests.exceptions.SSLError: [SSL: TLSV1_ALERT_PROTOCOL_VERSION] 
tlsv1 alert protocol version (_ssl.c:661)
 Failed to execute script docker-compose


Environment

VMware vSphere Integrated Containers 1.x

Cause

This issue occurs because VIC only supports TLSv1.2. The command docker-compose default behavior is to connect utilizing TLSv1 connections.

Resolution

To resolve this issue, see the TSL Authentication section in the vSphere Integrated Containers How to Manage the Application Lifecycle with docker-compose and VIC engine documentation

 


Additional Information

Use protocol TLS v1.0 by default when none is set.

Add support for COMPOSE_TLS_VERSION config option


Powered by Wolken Software