
depam 08-20-2016 04:51 AM

docker pull to use the highest TLS protocol
Does a docker host that does a docker pull from a private repository use the highest TLS protocol version that the server offers? Or does this need to be reconfigured? Does anyone know how I can confirm? Thanks in advance.

dijetlo 08-22-2016 05:39 PM

Docker hosts that pull from a private registry do so over HTTPS. The registry (web) server has to support both TLS and CA-cert validation (though no specific version appears to be required) or it is classified as an "insecure registry". If the registry is identified as insecure in the config, no problem; otherwise you will be required to use the --insecure-registry switch with the pull.
Configuration options relating to TLS

http:
  tls:
    certificate: /path/to/x509/public
    key: /path/to/x509/private
    clientcas:
      - /path/to/ca.pem
      - /path/to/another/ca.pem
    letsencrypt:
      cachefile: /path/to/cache-file

depam 08-24-2016 05:26 PM

Thanks for the input. Yes, there is ca-cert validation, but from the link below, it doesn't really say how you can force it to use a specific protocol version. I confirmed that they are able to negotiate via 1.2 from openssl s_client, but I guess what I am looking for is to force the docker pull to use TLS1.
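
On the "how can I confirm" question in this thread: Docker is written in Go and its registry connections use Go's standard TLS stack, so this added example (not code from Docker or from any poster here) uses a throwaway local HTTPS server as a stand-in for a registry. It shows that a Go client settles on the highest version both ends allow, and that a client-side minimum makes the handshake fail rather than downgrade. The function name negotiate and the version pairs are assumptions chosen for the demonstration.

```go
package main

import (
	"crypto/tls"
	"fmt"
	"net/http"
	"net/http/httptest"
)

var versionNames = map[uint16]string{
	tls.VersionTLS10: "TLS 1.0", tls.VersionTLS11: "TLS 1.1",
	tls.VersionTLS12: "TLS 1.2", tls.VersionTLS13: "TLS 1.3",
}

// negotiate starts a local HTTPS server (hypothetical stand-in for a private
// registry) capped at serverMax, connects with a Go client whose floor is
// clientMin, and returns the TLS version the handshake settled on.
func negotiate(serverMax, clientMin uint16) (string, error) {
	srv := httptest.NewUnstartedServer(http.HandlerFunc(
		func(w http.ResponseWriter, r *http.Request) { w.WriteHeader(http.StatusOK) }))
	srv.TLS = &tls.Config{MinVersion: tls.VersionTLS10, MaxVersion: serverMax}
	srv.StartTLS()
	defer srv.Close()

	client := srv.Client() // already trusts the test server's certificate
	cfg := client.Transport.(*http.Transport).TLSClientConfig
	cfg.MinVersion = clientMin // client-side floor: refuse anything older

	resp, err := client.Get(srv.URL + "/v2/") // registry API base path
	if err != nil {
		return "", err // e.g. no protocol version in common
	}
	defer resp.Body.Close()
	return versionNames[resp.TLS.Version], nil
}

func main() {
	cases := []struct{ serverMax, clientMin uint16 }{
		{tls.VersionTLS13, tls.VersionTLS12}, // both modern: picks the highest
		{tls.VersionTLS12, tls.VersionTLS12}, // server capped at 1.2
		{tls.VersionTLS11, tls.VersionTLS12}, // server too old for the floor
	}
	for _, c := range cases {
		v, err := negotiate(c.serverMax, c.clientMin)
		fmt.Printf("server max %s, client min %s -> %q (err: %v)\n",
			versionNames[c.serverMax], versionNames[c.clientMin], v, err)
	}
}
```
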
