Has anyone found a definitive way to fix the SSL: TLSV1_ALERT_PROTOCOL_VERSION error?

This problem is still here and causing me big problems:

...
default: Running ansible-galaxy...
- downloading role 'composer', owned by geerlingguy
- downloading role from https://github.com/geerlingguy/ansible-role-composer/archive/1.7.0.tar.gz
 [ERROR]: failed to download the file: Failed to validate the SSL certificate
for github.com:443. Make sure your managed systems have a valid CA certificate
installed. You can use validate_certs=False if you do not need to confirm the
servers identity but this is unsafe and not recommended. Paths checked for this
platform: /etc/ssl/certs, /etc/ansible, /usr/local/etc/openssl. The exception
msg was: [SSL: TLSV1_ALERT_PROTOCOL_VERSION] tlsv1 alert protocol version
(_ssl.c:590).

 [WARNING]: - composer was NOT installed successfully.

ERROR! - you can use --ignore-errors to skip failed roles and finish processing the list.
Ansible failed to complete successfully. Any error output should be
visible above. Please fix these errors and try again.
...

I have spent all day trying to find a solution to this. I’ve updated ansible and python and fiddled with other settings. I’ve read several posts about it, including this one about the new crypto standard and this one github/geerlingguy that refers back to another one on here. All to no avail.

Please can someone come forward with a robust fix to this pretty big problem. You will be hailed a hero!

1 Like

Have you tried the accepted solution in this post? Github and new Cryptographic Standard

2 Likes

I followed the advice on that post and installed ansible version 2.4.2, via pip, then updated python to 2.7.10. Then updated ansible to 2.5.0. Not sure what else to do? Uninstall ansible and try again using homebrew? All seems a little suck-it-and-see.

1 Like

The specific issue that post addresses is not updating python (although that’s important): It’s that Homebrew does not “replace” the default system version of Python that MacOS insists on—and it’s the system Python that Ansible uses. You have to make a symbolic link to the version of python that Homebrew installs to replace MacOS’s system python: https://stackoverflow.com/questions/5157678/python-homebrew-by-default/48314058#48314058

But I didn’t install via homebrew.

Thanks @alwaysblank, I’ve now unistalled the pip version and installed ansible via homebrew. I also did the symlink (it was the first thing I attempted some hours back). And it’s finally working!

2 Likes

Uninstalling pip version and installing via homebrew is the only thing that worked for me as well.

2 Likes