Not able to install Python packages [SSL: TLSV1_ALERT_PROTOCOL_VERSION]
Following @Anupam's answer on OS X resulted in the following error for me, regardless of permissions I ran it with:
Could not install packages due to an EnvironmentError: [Errno 13] Permission denied: ...
What eventually worked was to download a newer pip package (9.0.3) from PyPI directly from my browser - https://pypi.org/simple/pip/, extract the contents, and then pip install the package locally:
pip install ./pip-9.0.3/
This fixed my [SSL: TLSV1_ALERT_PROTOCOL_VERSION]
errors.
But if the curl
command itself fails with error, or "tlsv1 alert protocol version" persists even after upgrading pip
, it means your operating system's underlying OpenSSL library version<1.0.1
or Python version<2.7.9
(or <3.4
in Python 3) do not support the newer TLS 1.2 protocol that pip
needs to connect to PyPI since about a year ago. You can easily check it in Python interpreter:
>>> import ssl
>>> ssl.OPENSSL_VERSION
'OpenSSL 0.9.8o 01 Jun 2010'
>>> ssl.PROTOCOL_TLSv1_2
AttributeError: 'module' object has no attribute 'PROTOCOL_TLSv1_2'
The AttributeError
(instead of expected '5') means your Python stdlib ssl
module, compiled against old openssl lib, is lacking support for the TLSv1.2 protocol (even if the openssl library can or could be updated later).
Fortunately, it can be solved without upgrading Python (and the whole system), by manually installing extra Python packages -- the detailed step-by-step guide is available here on Stackoverflow.
Note,
curl
andpip
andwget
all depend on the same OpenSSL lib for establishing SSL connections (use$ openssl version
command). libcurl supports TLS 1.2 since curl version 7.34, but older curl versions should be able to connect if you had OpenSSL version 1.0.2 (or later).P.S.
For Python 3, please usepython3
andpip3
everywhere (unless you are in a venv/virtualenv), including thecurl
command from above:$ curl https://bootstrap.pypa.io/get-pip.py | python3 --user
Upgrade pip as follows:
curl https://bootstrap.pypa.io/get-pip.py | python
Note: You may need to use sudo python
above if not in a virtual environment.
(Note that upgrading pip
using pip
i.e pip install --upgrade pip
will also not upgrade it correctly. It's just a chicken-and-egg issue. pip
won't work unless using TLS >= 1.2.)
As mentioned in this detailed answer, this is due to the recent TLS deprecation for pip. Python.org sites have stopped support for TLS versions 1.0 and 1.1.
From the Python status page:
Completed - The rolling brownouts are finished, and TLSv1.0 and TLSv1.1 have been disabled. Apr 11, 15:37 UTC
For PyCharm (virtualenv) users:
Run virtual environment with shell. (replace "./venv/bin/activate" to your own path)
source ./venv/bin/activate
Run upgrade
curl https://bootstrap.pypa.io/get-pip.py | python
Restart your PyCharm instance, and check your Python interpreter in Preference.
@Anupam's solution worked for me. However, I had to use sudo
and specify the exact location of my virtual Python environment:
curl https://bootstrap.pypa.io/get-pip.py | sudo /Users/{your user name}/{path to python}/bin/python