Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Error response from daemon: Get https://registry-1.docker.io/v2/: remote error: tls: handshake failure #2922

Closed
2 tasks done
laxmimanoj opened this issue Nov 20, 2018 · 17 comments
Closed
2 tasks done

Error response from daemon: Get https://registry-1.docker.io/v2/: remote error: tls: handshake failure #2922

laxmimanoj opened this issue Nov 20, 2018 · 17 comments
Labels
lifecycle/locked lifecycle/stale version/2.0.0.0-win77

Comments

@laxmimanoj
Copy link

  • I have tried with the latest version of my channel (Stable or Edge)
  • I have uploaded Diagnostics
  • Diagnostics ID:
    690F25FA-DC5C-411D-AB04-DD13F93133E3/20181120160659

Expected behavior

Hello from Docker!

Actual behavior

  • Error response from daemon: Get https://registry-1.docker.io/v2/: remote error: tls: handshake failure.
    See 'C:\Program Files\Docker\Docker\Resources\bin\docker.exe run --help'.

Information

  • Windows Version: Windows 10 Enterprise
  • Docker for Windows Version: 2.0.0.0-win77 (28777)
    I am trying to install and run Docker on my office laptop running on Windows 10.
    Docker for Windows was installed successfully as I see the output from 'docker version' and 'docker info'

PS H:> docker version
Client: Docker Engine - Community
Version: 18.09.0
API version: 1.39
Go version: go1.10.4
Git commit: 4d60db4
Built: Wed Nov 7 00:47:51 2018
OS/Arch: windows/amd64
Experimental: false

Server: Docker Engine - Community
Engine:
Version: 18.09.0
API version: 1.39 (minimum version 1.12)
Go version: go1.10.4
Git commit: 4d60db4
Built: Wed Nov 7 00:55:00 2018
OS/Arch: linux/amd64
Experimental: true
PS H:>
PS H:>
PS H:>
PS H:> docker info
Containers: 0
Running: 0
Paused: 0
Stopped: 0
Images: 1
Server Version: 18.09.0
Storage Driver: overlay2
Backing Filesystem: extfs
Supports d_type: true
Native Overlay Diff: true
Logging Driver: json-file
Cgroup Driver: cgroupfs
Plugins:
Volume: local
Network: bridge host ipvlan macvlan null overlay
Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
Swarm: inactive
Runtimes: runc
Default Runtime: runc
Init Binary: docker-init
containerd version: 468a545b9edcd5932818eb9de8e72413e616e86e
runc version: 69663f0bd4b60df09991c08812a60108003fa340
init version: fec3683
Security Options:
seccomp
Profile: default
Kernel Version: 4.9.125-linuxkit
Operating System: Docker for Windows
OSType: linux
Architecture: x86_64
CPUs: 2
Total Memory: 1.934GiB
Name: linuxkit-00155d32440f
ID: 4Y4E:RK6R:HE5C:NASJ:GMGM:XMS5:A2I5:Y46T:WCUC:ZCMC:FS7L:XCKS
Docker Root Dir: /var/lib/docker
Debug Mode (client): false
Debug Mode (server): true
File Descriptors: 23
Goroutines: 48
System Time: 2018-11-20T23:27:52.5018304Z
EventsListeners: 1
Registry: https://index.docker.io/v1/
Labels:
Experimental: true
Insecure Registries:
127.0.0.0/8
Live Restore Enabled: false
Product License: Community Engine

  • But I am not able to execute any docker commands like "docker pull nginx" or "docker run hello-world" that make use of the registry DockerHub . The error is always "Error response from daemon: Get https://registry-1.docker.io/v2/: remote error: tls: handshake failure"
  • But I am able to run commands like "docker network create " and "docker swarm init" successfully.

Clearly, I am missing some configuration related to tls. Please assist on what needs to be done to properly communicate with the registry.

Steps to reproduce the behavior

docker run hello-world
@bastjan
Copy link

bastjan commented Dec 5, 2018

Starting from version 18.09 docker removed support for older tls ciphers.
Do you have an ssl/tls interception proxy? The proxy may not support modern cipher suites or is misconfigured.

Docker requires one of the following cipher suites (copied from a wireshark dump):

Cipher Suites (8 suites)
    Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 (0xc02c)
    Cipher Suite: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030)
    Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 (0xc02b)
    Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f)
    Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA (0xc00a)
    Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA (0xc009)
    Cipher Suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014)
    Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013)

@ryepup
Copy link

ryepup commented Dec 12, 2018

I'm having the same problem, due to a corporate proxy that doesn't support these ciphers. Is there a workaround besides downgrading to https://docs.docker.com/docker-for-windows/release-notes/#docker-community-edition-18061-ce-win73-2018-08-29 ?

@bastjan
Copy link

bastjan commented Dec 16, 2018

Not that I know of. It is currently non configurable. We had to downgrade until a better solution exists.

@docker-robott
Copy link
Collaborator

Issues go stale after 90d of inactivity.
Mark the issue as fresh with /remove-lifecycle stale comment.
Stale issues will be closed after an additional 30d of inactivity.

Prevent issues from auto-closing with an /lifecycle frozen comment.

If this issue is safe to close now please do so.

Send feedback to Docker Community Slack channels #docker-for-mac or #docker-for-windows.
/lifecycle stale

@jadnhm
Copy link

jadnhm commented Mar 27, 2019

this appears to still be an issue with Docker Desktop 2.0.0.3 (31259)

@UnwashedMeme
Copy link

We're still telling people not to upgrade docker.

@mala-cimbra
Copy link

Sorry if I'm bumping this issue. Are there any workarounds now? Any advice?

@caleb-pierce
Copy link

Also bumping this issue. Working from under corporate roof.

@Ugenx
Copy link

Ugenx commented Oct 7, 2019

Bump because I just ran into this as well. Will work with corporate to attempt to add these ciphers but it sure would be nice to add some ability to override this behavior when necessary.

@ragebflame
Copy link

Also bumping this issue. Working from under corporate roof.

Ditto. Bumping for visibility.

@tuan-nng
Copy link

bump

1 similar comment
@akovac35
Copy link

bump

@akovac35
Copy link

akovac35 commented Nov 13, 2019
edited
Loading

It would help if it would be possible to configure supported cipher suites.

@apfelnymous
Copy link

apfelnymous commented Mar 11, 2020
edited
Loading

Downgrading to 18.06.1 on windows 10 enterprise worked for me, I noticed when I typed docker info on the latest release, the credentials would be hidden with 'x' like
HTTP Proxy: http://xxxxx:xxxxx@host:port. But not after the downgrade. Maybe that points to something.

@zapnoni
Copy link

zapnoni commented Apr 14, 2020

encountered the same issue and downgrading fixed my issue as well:
https://docs.docker.com/docker-for-windows/release-notes/#docker-community-edition-18061-ce-win73-2018-08-29#docker-community-edition-18061-ce-win73-2018-08-29

@apfelnymous
Copy link

I also had to install 18.06.3-ce to avoid this problem on debian buster.

@docker-robott
Copy link
Collaborator

Closed issues are locked after 30 days of inactivity.
This helps our team focus on active issues.

If you have found a problem that seems similar to this, please open a new issue.

Send feedback to Docker Community Slack channels #docker-for-mac or #docker-for-windows.
/lifecycle locked

@docker docker locked and limited conversation to collaborators Jul 3, 2020
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
lifecycle/locked lifecycle/stale version/2.0.0.0-win77
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests