Error response from daemon: Get https://registry-1.docker.io/v2/: remote error: tls: handshake failure

Time: 2019-09-10 17:56:34

Tags: linux docker ubuntu ssl openssl

I am running docker behind a corporate proxy with the following version:

Client: Docker Engine - Community
 Version:           19.03.2
 API version:       1.40
 Go version:        go1.12.8
 Git commit:        6a30dfc
 Built:             Thu Aug 29 05:29:11 2019
 OS/Arch:           linux/amd64
 Experimental:      false

Server: Docker Engine - Community
 Engine:
  Version:          19.03.2
  API version:      1.40 (minimum version 1.12)
  Go version:       go1.12.8
  Git commit:       6a30dfc
  Built:            Thu Aug 29 05:27:45 2019
  OS/Arch:          linux/amd64
  Experimental:     false
 containerd:
  Version:          1.2.6
  GitCommit:        894b81a4b802e4eb2a91d1ce216b8817763c29fb
 runc:
  Version:          1.0.0-rc8
  GitCommit:        425e105d5a03fabd737a126ad93d62a9eeede87f
 docker-init:
  Version:          0.18.0
  GitCommit:        fec3683

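on an Ubuntu 18.04 server.

I have configured the proxy correctly, and docker appears to be using it. However, any docker login or docker pull hello-world call results in Error response from daemon: Get https://registry-1.docker.io/v2/: remote error: tls: handshake failure

I have installed the corporate root certificate into the local trust store, and it appears to work when run, as shown by the following openssl output: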

openssl s_client -proxy proxy:3128 -connect registry-1.docker.io:443 -showcerts

Certificates redacted


No client certificate CA names sent
Peer signing digest: SHA512
Peer signature type: RSA
Server Temp Key: DH, 1024 bits
---
SSL handshake has read 6586 bytes and written 546 bytes
Verification: OK
---
New, TLSv1.2, Cipher is DHE-RSA-AES256-GCM-SHA384
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : DHE-RSA-AES256-GCM-SHA384
    Session-ID: 7D9CA79CAB0343D8F2B4B2288FCF0CC98721AC07C0FCBAB39BC6E344E5C1E658
    Session-ID-ctx:
    Master-Key: E841987D8259CD5BB07C5BE4918A64BA10B9D5DE49352A2367B7AE00F4A482205E6ED7C1C8ECAB56D136C54FD943049F
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    Start Time: 1568137963
    Timeout   : 7200 (sec)
    Verify return code: 0 (ok)
    Extended master secret: no
---

Does anyone know what might be causing this issue?

1 answer:

Answer 0: (score: 0)

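I have also been struggling with this using docker:dind, and posted about it here: https://discourse.drone.io/t/docker-dind-image-behind-a-proxy/7833

What I just found is that if I use docker:18.06.0-dind, it works. I think maybe later versions of docker use TLS ciphers that your proxy does not support. This person talks about this: https://github.com/docker/for-win/issues/2922#issuecomment-444431310

You can get information about the proxy's TLS by pointing a client that uses the proxy at https://clienttest.ssllabs.com:8443/ssltest/viewMyClient.html

I am going to try to sort out the proxy (squid) so that it supports docker 19, if I can.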

More information:

Here: https://github.com/docker/for-linux/issues/487

Here: https://forums.docker.com/t/docker-behing-transparent-proxy-and-intermediate-cert/74860/4
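
An added example, not part of the question or the answer above: one way to check the cipher-mismatch idea offline. It reads the `Cipher is` line from `openssl s_client` output and reports whether Go's crypto/tls (Docker is built with Go, per the version output in the question) implements that suite. The name-to-ID table is a hand-picked subset and the function names are illustrative.

```go
package main

import (
	"crypto/tls"
	"fmt"
	"regexp"
)

// Constructed sample: a few lines copied from the s_client output in the question.
const sampleOutput = "Verification: OK\n---\nNew, TLSv1.2, Cipher is DHE-RSA-AES256-GCM-SHA384\nServer public key is 2048 bit\n"

// OpenSSL cipher name -> IANA cipher suite ID (small hand-picked TLS 1.2 subset).
var opensslToID = map[string]uint16{
	"DHE-RSA-AES256-GCM-SHA384":   0x009F,
	"ECDHE-RSA-AES128-GCM-SHA256": 0xC02F,
	"ECDHE-RSA-AES256-GCM-SHA384": 0xC030,
}

var cipherLine = regexp.MustCompile(`(?m)^New, \S+, Cipher is (\S+)$`)

// negotiatedCipher extracts the OpenSSL cipher name from s_client output.
func negotiatedCipher(out string) (string, bool) {
	m := cipherLine.FindStringSubmatch(out)
	if m == nil {
		return "", false
	}
	return m[1], true
}

// goImplements reports whether the crypto/tls of the Go toolchain compiling
// this file implements the suite at all (default or insecure list).
// known is false when the name is not in the table above.
// tls.CipherSuites and tls.InsecureCipherSuites require Go 1.14 or later.
func goImplements(opensslName string) (implemented, known bool) {
	id, ok := opensslToID[opensslName]
	if !ok {
		return false, false
	}
	for _, cs := range append(tls.CipherSuites(), tls.InsecureCipherSuites()...) {
		if cs.ID == id {
			return true, true
		}
	}
	return false, true
}

func main() {
	name, _ := negotiatedCipher(sampleOutput)
	impl, known := goImplements(name)
	fmt.Printf("%s: in table=%v, implemented by crypto/tls=%v\n", name, known, impl)
}
```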