# Error response from daemon: Get https://registry-1.docker.io/v2/: net/http: TLS handshake timeout - **ID:** `docker/tls-handshake-timeout` - **Domain:** docker - **Category:** network_error - **Verification:** ai_generated - **Fix Rate:** 75% ## Root Cause The Docker daemon cannot establish a TLS connection to the Docker Hub registry due to network latency, firewall blocks, or DNS resolution issues. ## Version Compatibility | Version | Status | Introduced | Deprecated | |---------|--------|------------|------------| | Docker 20.10.0 | active | — | — | | Docker 24.0.0 | active | — | — | | Docker 25.0.0 | active | — | — | | Docker CE 26.0.0 | active | — | — | ## Workarounds 1. **Configure Docker daemon to use a mirror registry by editing /etc/docker/daemon.json: add '{"registry-mirrors": ["https://mirror.gcr.io"]}' and restart Docker. Then pull the image again.** (80% success) ``` Configure Docker daemon to use a mirror registry by editing /etc/docker/daemon.json: add '{"registry-mirrors": ["https://mirror.gcr.io"]}' and restart Docker. Then pull the image again. ``` 2. **Increase TLS handshake timeout by setting environment variable: 'export DOCKER_CLIENT_TIMEOUT=120' and 'export COMPOSE_HTTP_TIMEOUT=120' before running docker commands.** (60% success) ``` Increase TLS handshake timeout by setting environment variable: 'export DOCKER_CLIENT_TIMEOUT=120' and 'export COMPOSE_HTTP_TIMEOUT=120' before running docker commands. ``` 3. **Check and update DNS settings: add '8.8.8.8' to /etc/resolv.conf or use systemd-resolved: 'sudo resolvectl dns docker0 8.8.8.8'.** (70% success) ``` Check and update DNS settings: add '8.8.8.8' to /etc/resolv.conf or use systemd-resolved: 'sudo resolvectl dns docker0 8.8.8.8'. ``` ## Dead Ends - **** — Setting HTTP_PROXY without HTTPS_PROXY in daemon.json does not affect TLS connections; the timeout persists. (60% fail) - **** — Flushing DNS cache (e.g., 'sudo systemctl restart systemd-resolved') rarely resolves the issue if the root cause is network congestion or firewall rules. (70% fail)