DZone
Thanks for visiting DZone today,
Edit Profile
  • Manage Email Subscriptions
  • How to Post to DZone
  • Article Submission Guidelines
Sign Out View Profile
  • Post an Article
  • Manage My Drafts
Over 2 million developers have joined DZone.
Log In / Join
Refcards Trend Reports
Events Video Library
Over 2 million developers have joined DZone. Join Today! Thanks for visiting DZone today,
Edit Profile Manage Email Subscriptions Moderation Admin Console How to Post to DZone Article Submission Guidelines
View Profile
Sign Out
Refcards
Trend Reports
Events
View Events Video Library
Zones
Culture and Methodologies Agile Career Development Methodologies Team Management
Data Engineering AI/ML Big Data Data Databases IoT
Software Design and Architecture Cloud Architecture Containers Integration Microservices Performance Security
Coding Frameworks Java JavaScript Languages Tools
Testing, Deployment, and Maintenance Deployment DevOps and CI/CD Maintenance Monitoring and Observability Testing, Tools, and Frameworks
Culture and Methodologies
Agile Career Development Methodologies Team Management
Data Engineering
AI/ML Big Data Data Databases IoT
Software Design and Architecture
Cloud Architecture Containers Integration Microservices Performance Security
Coding
Frameworks Java JavaScript Languages Tools
Testing, Deployment, and Maintenance
Deployment DevOps and CI/CD Maintenance Monitoring and Observability Testing, Tools, and Frameworks

Modern Digital Website Security: Prepare to face any form of malicious web activity and enable your sites to optimally serve your customers.

Containers Trend Report: Explore the current state of containers, containerization strategies, and modernizing architecture.

Low-Code Development: Learn the concepts of low code, features + use cases for professional devs, and the low-code implementation process.

E-Commerce Development Essentials: Considering starting or working on an e-commerce business? Learn how to create a backend that scales.

Related

  • Understanding Dependencies...Visually!
  • Resilience Pattern: Circuit Breaker
  • Transitioning From Groovy to Kotlin for Gradle Android Projects
  • SwiftData Dependency Injection in SwiftUI Application

Trending

  • Unlocking Seamless Customer Relationship Management With React Integration Features
  • Securing REST APIs With Nest.js: A Step-by-Step Guide
  • Top 11 Project Management Hacks for Software Project Managers
  • How to Leverage Kubernetes' New CronJob API for Efficient Task Scheduling
  1. DZone
  2. Software Design and Architecture
  3. Security
  4. Fixing Gradle Dependency Resolution

Fixing Gradle Dependency Resolution

Maven Central and Bintray have announced that they will discontinue support for TLS v1.1 and below. Here’s what you need to know to correct your Gradle builds.

Eric Wendelin user avatar by
Eric Wendelin
·
Updated Jun. 25, 18 · Tutorial
Like (2)
Save
Tweet
Share
15.6K Views

Join the DZone community and get the full member experience.

Join For Free

Maven Central and Bintray have announced that they will discontinue support for TLS v1.1 and below. Here’s what you need to know to correct your Gradle builds if you’re affected.

You will need to take action if you are using Java 6 or 7 and using Gradle versions 2.1 through 4.8.

How to Check if You’re Affected

You may already be getting one of the following errors from your build after an error message saying: “Could not resolve [coordinates]”:

Received fatal alert: protocol_version

or

Peer not authenticated

If not, you can check to see whether you will be affected by running the following code:

gradle --version       # Without Gradle Wrapper

./gradlew --version    # Using Gradle Wrapper on *nix

gradlew.bat --version  # Using Gradle Wrapper on Windows


It will print something like this:

------------------------------------------------------------
Gradle 3.5
------------------------------------------------------------

Build time:   2017-04-10 13:37:25 UTC
Revision:     b762622a185d59ce0cfc9cbc6ab5dd22469e18a6

Groovy:       2.4.10
Ant:          Apache Ant(TM) version 1.9.6 compiled on June 29 2015
JVM:          1.7.0_80 (Oracle Corporation 24.80-b11)
OS:           Mac OS X 10.13.5 x86_64


You must take action, if all of these are true:

  • JVM version is Java 7u130 or lower
  • and the Gradle version is between 2.1 and 4.8, inclusive
  • and you have declared a repository {} of mavenCentral() or jcenter()

How to Use TLS 1.2 for Dependency Resolution

You can take any one of the following actions to use TLS v1.2+:

  • Run Gradle with Java 1.7.0_131-b31 or above
  • or upgrade to Gradle 4.8.1 or above
  • or replace mavenCentral() with maven { url = "http://repo.maven.apache.org/maven2" } and jcenter() with maven { url = "http://jcenter.bintray.com" }

The first two solutions are recommended. While, the third opens a possible attack vector.

Other Resources

Posts about discontinued support for old versions of TLS on Maven Central and in the Bintray knowledge base explain the background for the necessity of these changes.

You may also find Gradle-specific details from gradle/gradle#5740 on GitHub.

Gradle Dependency

Published at DZone with permission of Eric Wendelin, DZone MVB. See the original article here.

Opinions expressed by DZone contributors are their own.

Related

  • Understanding Dependencies...Visually!
  • Resilience Pattern: Circuit Breaker
  • Transitioning From Groovy to Kotlin for Gradle Android Projects
  • SwiftData Dependency Injection in SwiftUI Application
Comments

Partner Resources

X

ABOUT US

  • About DZone
  • Send feedback
  • Careers
  • Sitemap

ADVERTISE

  • Advertise with DZone

CONTRIBUTE ON DZONE

  • Article Submission Guidelines
  • Become a Contributor
  • Core Program
  • Visit the Writers' Zone

LEGAL

  • Terms of Service
  • Privacy Policy

CONTACT US

  • 3343 Perimeter Hill Drive
  • Suite 100
  • Nashville, TN 37211
  • support@dzone.com

Let's be friends: