I am trying to install a Python library using pip, getting an SSL error:

~/projects/base  pre-master±  pip install xdict

Collecting xdict
  Could not fetch URL https://pypi.python.org/simple/xdict/: There was a problem confirming the ssl certificate: [SSL: TLSV1_ALERT_PROTOCOL_VERSION] tlsv1 alert protocol version (_ssl.c:590) - skipping
  Could not find a version that satisfies the requirement xdict (from versions: )
No matching distribution found for xdict

pip version: pip 9.0.1

How do I fix this error?

Upgrade pip as follows:

curl https://bootstrap.pypa.io/get-pip.py | python

Note: You may need to use sudo python above if not in a virtual environment.

(Note that upgrading pip using pip i.e pip install --upgrade pip will also not upgrade it correctly. It's just a chicken-and-egg issue. pip won't work unless using TLS >= 1.2.)

As mentioned in this detailed answer, this is due to the recent TLS deprecation for pip. Python.org sites have stopped support for TLS versions 1.0 and 1.1.

From the Python status page:

Completed - The rolling brownouts are finished, and TLSv1.0 and TLSv1.1 have been disabled. Apr 11, 15:37 UTC

For PyCharm (virtualenv) users:

1. Run virtual environment with shell. (replace "./venv/bin/activate" to your own path)

   source ./venv/bin/activate
   

2. Run upgrade

   curl https://bootstrap.pypa.io/get-pip.py | python
   

3. Restart your PyCharm instance, and check your Python interpreter in Preference.

But if the curl command itself fails with error, or "tlsv1 alert protocol version" persists even after upgrading pip, it means your operating system's underlying OpenSSL library version<1.0.1 or Python version<2.7.9 (or <3.4 in Python 3) do not support the newer TLS 1.2 protocol that pip needs to connect to PyPI since about a year ago. You can easily check it in Python interpreter:

>>> import ssl
>>> ssl.OPENSSL_VERSION
'OpenSSL 0.9.8o 01 Jun 2010'
>>> ssl.PROTOCOL_TLSv1_2
 AttributeError: 'module' object has no attribute 'PROTOCOL_TLSv1_2'

The AttributeError (instead of expected '5') means your Python stdlib ssl module, compiled against old openssl lib, is lacking support for the TLSv1.2 protocol (even if the openssl library can or could be updated later).

Fortunately, it can be solved without upgrading Python (and the whole system), by manually installing extra Python packages -- the detailed step-by-step guide is available here on Stackoverflow.

Note, curl and pip and wget all depend on the same OpenSSL lib for establishing SSL connections (use $ openssl version command). libcurl supports TLS 1.2 since curl version 7.34, but older curl versions should be able to connect if you had OpenSSL version 1.0.2 (or later).

---

P.S.
For Python 3, please use python3 and pip3 everywhere (unless you are in a venv/virtualenv), including the curl command from above:
$ curl https://bootstrap.pypa.io/get-pip.py | python3 --user

Following @Anupam's answer on OS X resulted in the following error for me, regardless of permissions I ran it with:

Could not install packages due to an EnvironmentError: [Errno 13] Permission denied: ...

What eventually worked was to download a newer pip package (9.0.3) from PyPI directly from my browser - https://pypi.org/simple/pip/, extract the contents, and then pip install the package locally:

pip install ./pip-9.0.3/

This fixed my [SSL: TLSV1_ALERT_PROTOCOL_VERSION] errors.

@Anupam's solution worked for me. However, I had to use sudo and specify the exact location of my virtual Python environment:

curl https://bootstrap.pypa.io/get-pip.py | sudo /Users/{your user name}/{path to python}/bin/python

To upgrade the local version I used a slight variant:

curl https://bootstrap.pypa.io/get-pip.py | python - --user

This problem arises if you keep your pip and packages under your home directory as described in this gist.

Check your TLS version:

python2 -c "import urllib2,json; print(json.loads(urllib2.urlopen('https://www.howsmyssl.com/a/check').read())['tls_version'])"

If your TLS version is less than 1.2 you have to upgrade it since the PyPI repository is on a brownout period of deprecating early TLS.

Source - Time To Upgrade Your Python: TLS v1.2 Will Soon Be Mandatory

You can upgrade the TLS version using the following command:

sudo apt-get update && sudo apt-get install openssl libssl-dev

This should fix your problem. Good luck!

EDIT: You can download packages using your own private python package repository regardless of TLS version. Private Python Package Repository

The following solution worked for me:

brew install python2

It also upgraded pip to version 1.10.1

For all the python3 and pip3 users out there:

curl https://bootstrap.pypa.io/get-pip.py | sudo python3

and then assume you want to install pandas

pip3 install pandas --user

For Python2 WIN10 Users:

1.Uninstall python thoroughly ,include all folders.

2.Fetch and install the lastest python-2.7.msi (ver 2.7.15)

3.After step 2,you may find pip had been installed too.

4.Now ,if your system'env haven't been changed,you can use pip to install packages now.The "tlsv1 alert protocol version" will not appear.

This worked for me. Add sudo before python

curl https://bootstrap.pypa.io/get-pip.py |sudo python

I tried all existing fixes and not working for me

I re-install python 2.7 (will also install pip) by downloading .pkg at https://www.python.org/downloads/mac-osx/

works for me after installation downloaded pkg

I ran into this problem as well. The underlying problem is that the ssl library in Python 2.7 versions < 2.7.9 is no longer compatible with the pip mechanism.

If you are running on Windows, and you (like us) can't easily upgrade from an incompatible version of 2.7, FWIW, I found that if you copy the following files from another install of the latest version of Python (e.g. Python 2.7.15) on another machine to your installation:

    Lib\ssl.py
    libs\_ssl.lib
    DLLs\_ssl.dll

it will effectively "upgrade" your SSL layer to one which is supported; we were then be able to use pip again, even to upgrade pip.

The answers of installing pip via:

1. curl https://bootstrap.pypa.io/get-pip.py |sudo python or
2. curl https://bootstrap.pypa.io/get-pip.py | python

did not work for me as I kept on getting the error:

Could not fetch URL https://pypi.org/simple/pip/: There was a problem confirming the ssl certificate: HTTPSConnectionPool(host='pypi.org', port=443): Max retries exceeded with url: /simple/pip/ (Caused by SSLError("Can't connect to HTTPS URL because the SSL module is not available.",)) - skipping
ERROR: Could not find a version that satisfies the requirement pip (from versions: none)
ERROR: No matching distribution found for pip

I had to install pip manually via:

1. Go the pip distribution website
2. Download the tar.gz version
3. Unpack the file locally and cd into the directory
4. run python setup.py install

This worked for me, I installed latest version of pip and then installed the library (ciscoconfparse).

Upgrading pip:

curl https://bootstrap.pypa.io/get-pip.py | sudo /Users/{your user name}/{path to python}/bin/python

I also hit this problem on my windows10 and tried all the answers but didn't solve my problem.

C:\python367\Scripts>pip install Flask

Collecting Flask Could not find a version that satisfies the requirement Flask (from versions: ) No matching distribution found for Flask

After that, I find the pip configuration file had been modified. So, I set the pip.ini as the original default configuration, re-run the pip command and it works for me!

In summary of the solution of mine:

1. Check the pip.ini (usually under the path C:\ProgramData\pip) had been modified;

2. If yes in step1, try to reset it to a default configuration.

myenv:

python 2.7.14

pip 9.0.1

mac osx 10.9.4

mysolution:

1. download get-pip.py manually from https://packaging.python.org/tutorials/installing-packages/

2. run python get-pip.py

refs:

https://github.com/pypa/warehouse/issues/3293#issuecomment-378468534

https://packaging.python.org/tutorials/installing-packages/

Securely Download get-pip.py [1]

Run python get-pip.py. [2] This will install or upgrade pip. Additionally, it will install setuptools and wheel if they’re not installed already.

Ensure pip, setuptools, and wheel are up to date

While pip alone is sufficient to install from pre-built binary archives, up to date copies of the setuptools and wheel projects are useful to ensure you can also install from source archives:

python -m pip install --upgrade pip setuptools wheel

Or simply the required library just isn't in the repo. I'm Python newbie and all advices about upgrading pip finally shown as misleading. I had just to look into https://pypi.org/ , finding the library (airflow in my case) stopped at some old version, after which it was renamed. Yes, also that silly solution is also possible :-).