Please check your version of Docker!

In Microsoft, we are constantly in search of ways to improve security for our customers. Customers must feel safe when using our services and leaving their precious data in our hands. Sometimes this requires our customers and partners to update client software and this blog post is a warning about just that.

Transport Layer Security (TLS v1.2)

Within the next month…

Before December 31st 2019…

Microsoft will harden security on our docker registries (both mcr.microsoft.com and bcinsider.azurecr.io) and set the required transport level security to v1.2.

This means that all computers running a version of Docker, which doesn’t support TLS v1.2, no longer will be able to pull any Microsoft official images from Microsoft registries.

Only docker 18.03.0 or above

Open a command prompt and run docker version.

Client: Docker Engine - Community
 Version: 19.03.5
 API version: 1.40
 Go version: go1.12.12
 Git commit: 633a0ea
 Built: Wed Nov 13 07:22:37 2019
 OS/Arch: windows/amd64
 Experimental: false

Server: Docker Engine - Community
 Engine:
  Version: 19.03.5
  API version: 1.40 (minimum version 1.24)
  Go version: go1.12.12
  Git commit: 633a0ea
  Built: Wed Nov 13 07:36:50 2019
  OS/Arch: windows/amd64
  Experimental: false

if the docker client or server version is lower than 18.03.0you need to update.

Warning

NavContainerHelper also displays the docker version when creating containers:

NavContainerHelper is version 0.6.4.20
NavContainerHelper is running as administrator
Host is Microsoft Windows 10 Pro - ltsc2019
Docker Client Version is 19.03.5
Docker Server Version is 19.03.5

You should be able to see this in the build output of the agents used by your CI/CD pipelines. With the next version of NavContainerHelper, you will also see a warning if your version of docker is prior to 18.03.0:

WARNING: Microsoft container registries will switch to TLS v1.2 very soon and your version of Docker does not support this. You should install a new version of docker asap (version 18.03.0 or later)

This will be visible in the output of your build agent in CI/CD scenarios when using NavContainerHelper.

 

Enjoy

Freddy Kristiansen
Technical Evangelist

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s