Can't upgrade pip 1.5.4 on Ubuntu 14.04 - InsecurePlatformWarning: A true SSLContext object is not available

Question

I am currently running pip, version 1.5.4 on Ubuntu 14.04, and python 2.7.6 and cannot upgrade pip to the latest version.

When I run pip install --upgrade pip I get the following error:

Cannot fetch index base URL https://pypi.python.org/simple/ Could not find any downloads that satisfy the requirement pip in ./.venv/lib/python2.7/site-packages Downloading/unpacking pip Cleaning up... No distributions at all found for pip in ./.venv/lib/python2.7/site-packages Storing debug log for failure in /home/buffcat/.pip/pip.log

And when I try to upgrade using get-pip.py I get the following ssl error:

/tmp/tmpKVfWOr/pip.zip/pip/_vendor/urllib3/util/ssl_.py:369: SNIMissingWarning: An HTTPS request has been made, but the SNI (Server Name Indication) extension to TLS is not available on this platform. This may cause the server to present an incorrect TLS certificate, which can cause validation failures. You can upgrade to a newer version of Python to solve this. For more information, see https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings /tmp/tmpKVfWOr/pip.zip/pip/_vendor/urllib3/util/ssl_.py:160: InsecurePlatformWarning: A true SSLContext object is not available. This prevents urllib3 from configuring SSL appropriately and may cause certain SSL connections to fail. You can upgrade to a newer version of Python to solve this. For more information, see https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings Retrying (Retry(total=4, connect=None, read=None, redirect=None, status=None)) after connection broken by 'SSLError(SSLError(1, '_ssl.c:510: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed'),)': /simple/pip/

What can I do to upgrade pip on my machine?

Answer 1

While it is not recommended to upgrade Ubuntu system pip (the one from the Ubuntu distribution-supplied python-pip debian package) bypassing apt-get, it is acceptable to do so in a venv/virtualenv or at your user home dir level (the --user pip option). This way allows to use it without conflicting with "system" pip. It seems you were working inside a virtualenv, which is a good practice.

The SSLError is caused by the fact that your system's underlying OpenSSL library version<1.0.1 and Python version<2.7.9 do not support the newer TLS protocol version 1.2 that PyPI expects since about a year ago. And so pip cannot connect to PyPI over the older SSL/TLS protocols any longer.
You can check the versions with:
$ python -c "import ssl; print(ssl.OPENSSL_VERSION)" && openssl version
The error may be reproduced even without pip, with something like:
$ curl -i https://pypi.org/simple/ --tlsv1
curl: (35) error:1409442E:SSL routines:SSL3_READ_BYTES:tlsv1 alert protocol version

Because pip is unable to connect to PyPI, we can upgrade it manually:

• In Firefox, open the Python Package Index official webpage and locate the pip project,
• Choose "Download Files" there -- here is a direct link: https://pypi.org/project/pip/#files
• Click on the recent pip package file in wheel format (.whl) to download,

• Install in the venv/virtualenv you've been working on, for example:

      $ source bin/activate
      (venv) $ pip install --no-index ~/Downloads/pip-19.0.1-py2.py3-none-any.whl
      (venv) $ pip --version
       pip 19.0.1 from ...
  

But upgrading/installing the newer pip version is half the battle. For it to be able to connect to PyPI, we need to resolve the root cause: the InsecurePlatformWarning .. Caused by SSLError .. SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert protocol version'. To fix it, you'll need to manually install (in the same way) additional packages besides pip. The detailed step-by-step guide here on Stackoverflow: Unable to install Python packages using pip in Ubuntu Linux: InsecurePlatformWarning, SSLError, tlsv1 alert protocol version