Over a million developers have joined DZone.
{{announcement.body}}
{{announcement.title}}

Fixing Gradle Dependency Resolution

DZone's Guide to

Fixing Gradle Dependency Resolution

Maven Central and Bintray have announced that they will discontinue support for TLS v1.1 and below. Here’s what you need to know to correct your Gradle builds.

· Java Zone ·
Free Resource

How do you break a Monolith into Microservices at Scale? This ebook shows strategies and techniques for building scalable and resilient microservices.

Maven Central and Bintray have announced that they will discontinue support for TLS v1.1 and below. Here’s what you need to know to correct your Gradle builds if you’re affected.

You will need to take action if you are using Java 6 or 7 and using Gradle versions 2.1 through 4.8.

How to Check if You’re Affected

You may already be getting one of the following errors from your build after an error message saying: “Could not resolve [coordinates]”:

Received fatal alert: protocol_version

or

Peer not authenticated

If not, you can check to see whether you will be affected by running the following code:

gradle --version       # Without Gradle Wrapper

./gradlew --version    # Using Gradle Wrapper on *nix

gradlew.bat --version  # Using Gradle Wrapper on Windows


It will print something like this:

------------------------------------------------------------
Gradle 3.5
------------------------------------------------------------

Build time:   2017-04-10 13:37:25 UTC
Revision:     b762622a185d59ce0cfc9cbc6ab5dd22469e18a6

Groovy:       2.4.10
Ant:          Apache Ant(TM) version 1.9.6 compiled on June 29 2015
JVM:          1.7.0_80 (Oracle Corporation 24.80-b11)
OS:           Mac OS X 10.13.5 x86_64


You must take action, if all of these are true:

  • JVM version is Java 7u130 or lower
  • and the Gradle version is between 2.1 and 4.8, inclusive
  • and you have declared a repository {} of mavenCentral() or jcenter()

How to Use TLS 1.2 for Dependency Resolution

You can take any one of the following actions to use TLS v1.2+:

  • Run Gradle with Java 1.7.0_131-b31 or above
  • or upgrade to Gradle 4.8.1 or above
  • or replace mavenCentral() with maven { url = "http://repo.maven.apache.org/maven2" } and jcenter() with maven { url = "http://jcenter.bintray.com" }

The first two solutions are recommended. While, the third opens a possible attack vector.

Other Resources

Posts about discontinued support for old versions of TLS on Maven Central and in the Bintray knowledge base explain the background for the necessity of these changes.

You may also find Gradle-specific details from gradle/gradle#5740 on GitHub.

How do you break a Monolith into Microservices at Scale? This ebook shows strategies and techniques for building scalable and resilient microservices.

Topics:
java ,gradle ,tutorial ,maven central

Published at DZone with permission of

Opinions expressed by DZone contributors are their own.

{{ parent.title || parent.header.title}}

{{ parent.tldr }}

{{ parent.urlSource.name }}