The march of standards continues unabated. Legacy TLS protocols 1.0 and 1.1 have varying weaknesses that could lead to a false sense of security.
In June 2018, in an effort to raise security and comply with modern standards, the insecure TLS 1.0 & 1.1 protocols will no longer be supported for SSL connections to Maven Central. This should only affect users of Java 6 who are also using https to access Central, which is less than .2% of users.
At the same time, this conversion will allow Central to support HTTP/2 with potential performance gains for modern http clients.
The details about why, when and what you need to do are documented at the link below. As questions arise, we will continue to update this FAQ.
If there is specific information required for non-maven build systems, please send it along, and we will include that.
.jpg?width=150&height=150&name=fox-2016-1-sq%20(1).jpg)
Brian Fox, CTO and co-founder of Sonatype, is a Governing Board Member for the Open Source Security Foundation (OpenSSF), a Governing Board Member for the Fintech Open Source Foundation (FINOS), a member of the Monetary Authority of Singapore Cyber and Technology Resilience Experts (CTREX) Panel, a member of the Apache Software Foundation and former Chair of the Apache Maven project. Working with OpenSSF, Brian helped create The Open Source Consumption Manifesto, urging organizations to elevate awareness of open source usage. He also chaired efforts to provide official responses to requests for information from the The Office of the National Cybersecurity Directorate (ONCD) and the Cybersecurity and Infrastructure Security Agency (CISA). Within the Atlantic Council's Open Source Policy Network, Brian actively helps shape cybersecurity strategy, offering valuable insights on critical documents, such as ONCD's recent National Cyber Security Strategy. Brian has over 20 years of experience driving the vision behind, as well as developing and leading the development of software for organizations ranging from startups to large enterprises. Brian is a frequent speaker at national and regional events including Java User Groups and other security and development-related conferences.
Explore All Posts by Brian FoxTags
Try Nexus Repository Free Today
Sonatype Nexus Repository is the world’s most trusted artifact repository manager. Experience the difference and download Community Edition for free.