Fixing Gradle dependency resolution when TLS v1.1 and v1.0 support is discontinued



  • Maven Central and Bintray have announced that they will discontinue support for TLS v1.1 and below. Here’s what you need to know to correct your Gradle builds if you’re affected.

    You will need to take action if you are using Java 6 or 7 and using Gradle versions 2.1 through 4.8.

    How to check if you’re affected

    You may already be getting one of the following errors from your build after an error message saying: “Could not resolve [coordinates]”:

    Received fatal alert: protocol_version

    or

    peer not authenticated

    If not, you can check whether you will be affected by running the following:

    gradle --version # Without Gradle Wrapper ./gradlew --version # Using Gradle Wrapper on *nix gradlew.bat --version # Using Gradle Wrapper on Windows 
    

    it will print something like this:

    ------------------------------------------------------------ Gradle 3.5 ------------------------------------------------------------ Build time: 2017-04-10 13:37:25 UTC Revision: b762622a185d59ce0cfc9cbc6ab5dd22469e18a6 Groovy: 2.4.10 Ant: Apache Ant(TM) version 1.9.6 compiled on June 29 2015 JVM: 1.7.0_80 (Oracle Corporation 24.80-b11) OS: Mac OS X 10.13.5 x86_64 
    

    You must take action if all of these are true:

    • JVM version is Java 7u130 or lower
    • and Gradle version is between 2.1 and 4.8, inclusive
    • and you have declared a repository {} of mavenCentral() or jcenter()

    How to use TLS 1.2 for dependency resolution

    You can take any one of the following actions to use TLS v1.2+:

    • Run Gradle with Java 1.7.0_131-b31 or above
    • or upgrade to Gradle 4.8.1 or above
    • or replace mavenCentral() with maven { url = "http://repo.maven.apache.org/maven2" } and jcenter() with maven { url = "http://jcenter.bintray.com" }

    The first two solutions are recommended, as the third opens a possible attack vector.

    Other resources

    Posts about discontinued support for old versions of TLS on Maven Central and in the Bintray knowledge base explain the background for the necessity of these changes.

    You may also find Gradle-specific details from gradle/gradle#5740 on GitHub.

    https://blog.gradle.org/unable-to-download-maven-central-bintray


Log in to reply
 

© Lightnetics 2024