Question
Which TLS versions are supported by Central?
Answer
As of June 15th 2018, Central (repo1.maven.org & repo.maven.apache.org) will be supporting TLS 1.2 only. If you encounter the error message
"Received fatal alert: protocol_version"
or
"Received fatal alert: peer not authenticated"
you have three options for remediation:
- Upgrade your Java runtime, for example with OpenJDK builds or Oracle paid support
- Configure your Java runtime to enable TLS 1.2 by adding -Dhttps.protocols=TLSv1.2
- Use a repository manager that uses a Java version supporting TLS 1.2
We recommend that you upgrade prior to June 15th 2018 to avoid any potential loss of service.
Question
Why is this happening?
Answer
TLS 1.1 is inherently insecure and in order to maintain compliance, our provider is removing the last vestiges of support:
By June 30, 2018, all customers, including those on dedicated endpoints, must have converted to TLS-1.2. Due to the PCI Security Standards Council mandate, older TLS implementations will no longer be supported on Fastly infrastructure on shared or dedicated endpoints. There will be no exceptions made after this date.
To read more on this, see the GitHub blog.
Question
Who is affected?
Answer
If you are using HTTP to access Central, or Java 8+ with HTTPS URLs, you are not affected.
Java 7 supports TLS 1.2, but it is disabled by default in versions before 1.7.0_131-b31. For those older Java 7 versions, the following Apache Maven workaround enables it:
mvn -Dhttps.protocols=TLSv1,TLSv1.1,TLSv1.2 <goals>
or add the following to your environment or build script:
export MAVEN_OPTS=-Dhttps.protocols=TLSv1,TLSv1.1,TLSv1.2
If you are on Java 6, you will need to switch back to HTTP or upgrade to a more modern Java version.
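The version cut-offs above can be applied as a pre-flight check on build hosts. The following shell script is an added example, not from the original article: the function names and status labels are made up for illustration, the sample versions are constructed, and it compares only the Java 7 update number (131), ignoring the -b31 build suffix.

```shell
#!/bin/sh
# Added example, not from the original article. Function names and status
# labels are made up here; the cut-offs are the ones the article states.

# Print the quoted version from `java -version` output read on stdin.
# Skips leading noise such as "Picked up _JAVA_OPTIONS" lines.
java_version_from_banner() {
    sed -n 's/.* version "\([^"]*\)".*/\1/p' | head -n 1
}

# Classify a version string such as 1.7.0_80 or 9.0.4:
#   ok           Java 8+, or Java 7 at update 131 or later
#   needs-flag   older Java 7: TLS 1.2 is present but off by default
#   unsupported  Java 6 or older
#   unknown      string not recognised
central_tls_status() {
    v=$1
    case $v in
        1.*) major=${v#1.} ;;   # legacy scheme: 1.7.0_80 means Java 7
        *)   major=$v ;;        # newer scheme: 9.0.4 means Java 9
    esac
    major=${major%%[!0-9]*}     # keep the leading digits only
    [ -n "$major" ] || { echo unknown; return 0; }
    case $v in
        *_[0-9]*) update=${v#*_}; update=${update%%[!0-9]*} ;;
        *)        update=0 ;;
    esac
    if [ "$major" -ge 8 ]; then
        echo ok
    elif [ "$major" -eq 7 ] && [ "$update" -ge 131 ]; then
        echo ok
    elif [ "$major" -eq 7 ]; then
        echo needs-flag
    else
        echo unsupported
    fi
}

# Constructed sample versions, plus the local JVM when one is on PATH.
samples="1.6.0_45 1.7.0_80 1.7.0_131 1.8.0_171 9.0.4"
if command -v java >/dev/null 2>&1; then
    samples="$samples $(java -version 2>&1 | java_version_from_banner)"
fi
for ver in $samples; do
    status=$(central_tls_status "$ver")
    echo "$ver: $status"
    if [ "$status" = needs-flag ]; then
        echo "  export MAVEN_OPTS=-Dhttps.protocols=TLSv1,TLSv1.1,TLSv1.2"
    fi
done
```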
Original article source: https://central.sonatype.org/articles/2018/May/04/discontinue-support-for-tlsv11-and-below/
Written by Terry Yanko
Terry was a product manager and systems engineer at Sonatype focused on providing the Java community with secure and reliable services to distribute open-source software.