Fixing Gradle Dependency Resolution
Fixing Gradle Dependency Resolution
Maven Central and Bintray have announced that they will discontinue support for TLS v1.1 and below. Here’s what you need to know to correct your Gradle builds.
Join the DZone community and get the full member experience.
Join For FreeGet the Edge with a Professional Java IDE. 30-day free trial.
Maven Central and Bintray have announced that they will discontinue support for TLS v1.1 and below. Here’s what you need to know to correct your Gradle builds if you’re affected.
You will need to take action if you are using Java 6 or 7 and using Gradle versions 2.1 through 4.8.
How to Check if You’re Affected
You may already be getting one of the following errors from your build after an error message saying: “Could not resolve [coordinates]”:
Received fatal alert: protocol_version
or
Peer not authenticated
If not, you can check to see whether you will be affected by running the following code:
gradle --version # Without Gradle Wrapper
./gradlew --version # Using Gradle Wrapper on *nix
gradlew.bat --version # Using Gradle Wrapper on WindowsIt will print something like this:
------------------------------------------------------------
Gradle 3.5
------------------------------------------------------------
Build time: 2017-04-10 13:37:25 UTC
Revision: b762622a185d59ce0cfc9cbc6ab5dd22469e18a6
Groovy: 2.4.10
Ant: Apache Ant(TM) version 1.9.6 compiled on June 29 2015
JVM: 1.7.0_80 (Oracle Corporation 24.80-b11)
OS: Mac OS X 10.13.5 x86_64You must take action, if all of these are true:
- JVM version is Java 7u130 or lower
- and the Gradle version is between 2.1 and 4.8, inclusive
- and you have declared a
repository {}ofmavenCentral()orjcenter()
How to Use TLS 1.2 for Dependency Resolution
You can take any one of the following actions to use TLS v1.2+:
- Run Gradle with Java 1.7.0_131-b31 or above
- or upgrade to Gradle 4.8.1 or above
- or replace
mavenCentral()withmaven { url = "http://repo.maven.apache.org/maven2" }andjcenter()withmaven { url = "http://jcenter.bintray.com" }
The first two solutions are recommended. While, the third opens a possible attack vector.
Other Resources
Posts about discontinued support for old versions of TLS on Maven Central and in the Bintray knowledge base explain the background for the necessity of these changes.
You may also find Gradle-specific details from gradle/gradle#5740 on GitHub.
Get the Java IDE that understands code & makes developing enjoyable. Level up your code with IntelliJ IDEA. Download the free trial.
Like This Article? Read More From DZone
Published at DZone with permission of Eric Wendelin , DZone MVB. See the original article here.
Opinions expressed by DZone contributors are their own.
{{ parent.title || parent.header.title}}
{{ parent.tldr }}
{{ parent.linkDescription }}
{{ parent.urlSource.name }}