Not able to install Python packages [SSL: TLSV1_ALERT_PROTOCOL_VERSION]

I am trying to install a Python library using pip, getting an SSL error:

~/projects/base  pre-master±  pip install xdict

Collecting xdict
  Could not fetch URL https://pypi.python.org/simple/xdict/: There was a problem confirming the ssl certificate: [SSL: TLSV1_ALERT_PROTOCOL_VERSION] tlsv1 alert protocol version (_ssl.c:590) - skipping
  Could not find a version that satisfies the requirement xdict (from versions: )
No matching distribution found for xdict

pip version: pip 9.0.1

How do I fix this error?


Solution 1:

Upgrade pip as follows:

curl https://bootstrap.pypa.io/get-pip.py | python

Note: You may need to use sudo python above if not in a virtual environment.

(Note that upgrading pip using pip, i.e. pip install --upgrade pip, will also not upgrade it correctly. It's just a chicken-and-egg issue. pip won't work unless using TLS >= 1.2.)

As mentioned in this detailed answer, this is due to the recent TLS deprecation for pip. Python.org sites have stopped support for TLS versions 1.0 and 1.1.

From the Python status page:

Completed - The rolling brownouts are finished, and TLSv1.0 and TLSv1.1 have been disabled. Apr 11, 15:37 UTC


For PyCharm (virtualenv) users:

  1. Activate the virtual environment in a shell. (Replace "./venv/bin/activate" with your own path.)

    source ./venv/bin/activate
    
  2. Run upgrade

    curl https://bootstrap.pypa.io/get-pip.py | python
    
  3. Restart your PyCharm instance, and check your Python interpreter in Preferences.

Solution 2:

But if the curl command itself fails with an error, or "tlsv1 alert protocol version" persists even after upgrading pip, it means your operating system's underlying OpenSSL library version < 1.0.1 or Python version < 2.7.9 (or < 3.4 in Python 3) does not support the newer TLS 1.2 protocol that pip needs to connect to PyPI since about a year ago. You can easily check it in the Python interpreter:

>>> import ssl
>>> ssl.OPENSSL_VERSION
'OpenSSL 0.9.8o 01 Jun 2010'
>>> ssl.PROTOCOL_TLSv1_2
 AttributeError: 'module' object has no attribute 'PROTOCOL_TLSv1_2'

The AttributeError (instead of the expected '5') means your Python stdlib ssl module, compiled against an old openssl lib, is lacking support for the TLSv1.2 protocol (even if the openssl library can or could be updated later).

Fortunately, it can be solved without upgrading Python (and the whole system), by manually installing extra Python packages -- the detailed step-by-step guide is available here on Stack Overflow.

Note, curl and pip and wget all depend on the same OpenSSL lib for establishing SSL connections (use $ openssl version command). libcurl supports TLS 1.2 since curl version 7.34, but older curl versions should be able to connect if you had OpenSSL version 1.0.2 (or later).


P.S.
For Python 3, please use python3 and pip3 everywhere (unless you are in a venv/virtualenv), including the curl command from above:
$ curl https://bootstrap.pypa.io/get-pip.py | python3 - --user
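
The interpreter check from Solution 2, written out as a script that reports every reason the local Python cannot speak TLS 1.2. This is an added example, not part of the original answers; the function names are hypothetical, the thresholds are the ones stated in Solution 2, and it avoids f-strings so it also runs on the old interpreters in question.

```python
import re
import ssl
import sys

# Minimum versions as stated in Solution 2 above.
MIN_OPENSSL = (1, 0, 1)
MIN_PY2 = (2, 7, 9)
MIN_PY3 = (3, 4)


def parse_openssl_version(banner):
    """Return (major, minor, patch) from an ssl.OPENSSL_VERSION string, or
    None when the library is not OpenSSL (e.g. LibreSSL, which uses its own
    numbering, so the OpenSSL threshold does not apply to it)."""
    m = re.match(r"OpenSSL\s+(\d+)\.(\d+)\.(\d+)", banner)
    return tuple(int(g) for g in m.groups()) if m else None


def tls12_blockers(banner, py_version, has_tls12_constant):
    """List the reasons an interpreter cannot negotiate TLS 1.2."""
    reasons = []
    lib = parse_openssl_version(banner)
    if lib is not None and lib < MIN_OPENSSL:
        reasons.append("OpenSSL %d.%d.%d is older than 1.0.1" % lib)
    py = tuple(py_version[:3])
    floor = MIN_PY2 if py[0] == 2 else MIN_PY3
    if py < floor:
        reasons.append("Python %s is older than %s" % (
            ".".join(map(str, py)), ".".join(map(str, floor))))
    if not has_tls12_constant:
        # Same test as typing ssl.PROTOCOL_TLSv1_2 at the >>> prompt.
        reasons.append("ssl module has no PROTOCOL_TLSv1_2")
    return reasons


def diagnose_local():
    """Run the checks against the interpreter executing this script."""
    return tls12_blockers(ssl.OPENSSL_VERSION, sys.version_info,
                          hasattr(ssl, "PROTOCOL_TLSv1_2"))


if __name__ == "__main__":
    problems = diagnose_local()
    print(ssl.OPENSSL_VERSION)
    for p in problems:
        print("BLOCKER: " + p)
    sys.exit(1 if problems else 0)
```

Run it with the same interpreter that pip uses; a non-zero exit status means upgrading pip alone will not clear the error.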

Solution 3:

Following @Anupam's answer on OS X resulted in the following error for me, regardless of permissions I ran it with:

Could not install packages due to an EnvironmentError: [Errno 13] Permission denied: ...

What eventually worked was to download a newer pip package (9.0.3) from PyPI directly from my browser - https://pypi.org/simple/pip/, extract the contents, and then pip install the package locally:

pip install ./pip-9.0.3/

This fixed my [SSL: TLSV1_ALERT_PROTOCOL_VERSION] errors.

Solution 4:

@Anupam's solution worked for me. However, I had to use sudo and specify the exact location of my virtual Python environment:

curl https://bootstrap.pypa.io/get-pip.py | sudo /Users/{your user name}/{path to python}/bin/python