158

I'm getting the below errors when connecting to Maven Central / https://repo1.maven.org after June 18th 2018.

Received fatal alert: protocol_version

or

Received fatal alert: peer not authenticated
Gray
  • 112,334
  • 22
  • 281
  • 349
Brian Fox
  • 6,644
  • 4
  • 26
  • 31

10 Answers10

231

Solution 1: configure Java 7

It is need to enable TLS 1.2 protocol with Java property in the command line

mvn -Dhttps.protocols=TLSv1.2 install

install is just an example of a goal

The same error for ant can be solved by this way

java -Dhttps.protocols=TLSv1.2 -cp %ANT_HOME%/lib/ant-launcher.jar org.apache.tools.ant.launch.Launcher

Solution 2: use Java 7 with Oracle Advanced Support

Also problem can be solved by updating the Java 7 version. But the last available version (7u80) doesn't fix the problem. It is need to use an update provided with Oracle Advanced Support (formerly known as Java for Business).

Solution 3: use Java 8 instead

Configure $JAVA_HOME to point to Java 8.

v.ladynev
  • 18,125
  • 7
  • 41
  • 62
69

In June 2018, in an effort to raise security and comply with modern standards, the insecure TLS 1.0 & 1.1 protocols will no longer be supported for SSL connections to Central. This should only affect users of Java 6 (and Java 7) that are also using https to access central, which by our metrics is less than .2% of users.

For more details and workarounds, see the blog and faq here: https://blog.sonatype.com/enhancing-ssl-security-and-http/2-support-for-central

StaxMan
  • 108,392
  • 32
  • 202
  • 235
Brian Fox
  • 6,644
  • 4
  • 26
  • 31
  • The link in the blog.sonatype.com article is throwing 404. It is because they updated the link to https://central.sonatype.org/articles/2018/May/04/discontinued-support-for-tlsv11-and-below/. – Blueboye Jul 09 '18 at 16:36
58

The following command helped me (executing on bash before running mvn)

export MAVEN_OPTS=-Dhttps.protocols=TLSv1,TLSv1.1,TLSv1.2
Simon_Prewo_Frankfurt
  • 1,173
  • 2
  • 10
  • 17
  • 4
    On Windows set MAVEN_OPTS=-Dhttps.protocols=TLSv1,TLSv1.1,TLSv1.2 – Lele Jan 21 '19 at 11:00
  • after setting this all http download is working for me. however https has issue as below Failed to collect dependencies at org.netpreserve.commons:webarchive-commons:jar:1.1.2 -> org.apache.hadoop:hadoop-core:jar:0.20.2-cdh3u4: Failed to read artifact descriptor for org.apache.hadoop:hadoop-core:jar:0.20.2-cdh3u4: Could not transfer artifact org.apache.hadoop:hadoop-core:pom:0.20.2-cdh3u4 from/to cloudera (https://repository.cloudera.com/artifactory/cloudera-repos/): Received fatal alert: handshake_failure any help – Karn_way Feb 01 '19 at 11:52
  • 1
    Works like a charm! Thanks! (Tried on CentOs) – DarSta Mar 12 '19 at 10:39
  • Is this secure? – Ganesh Satpute Apr 11 '20 at 15:38
  • Thank You! This got it going for me! – Ben Call Jun 03 '20 at 13:33
  • I've used the export with the 1.2 version only and it worked for me. It is also the secure way as documented: `export MAVEN_OPTS=-Dhttps.protocols=TLSv1.2` – manuelvigarcia Aug 06 '20 at 16:07
21

As said @v.ladynev, it works with JDK 1.7

With Eclipse, to be able to perform a "Run As" maven install with the TLS command-line parameter, just configure the JDK you're using.

Open the dialog through Window > Preferences > Java > Installed JREs.

Then highlight the one you're using (should be a JDK, not a JRE), click on Edit. In the field "Default VM arguments", fill the value -Dhttps.protocols=TLSv1,TLSv1.1,TLSv1.2. As shown below:

enter image description here

Clean the project (maybe optional), then re-run a maven install.

Amessihel
  • 5,312
  • 1
  • 13
  • 37
  • I am getting this Failed to collect dependencies at org.netpreserve.commons:webarchive-commons:jar:1.1.2 -> org.apache.hadoop:hadoop-core:jar:0.20.2-cdh3u4: Failed to read artifact descriptor for org.apache.hadoop:hadoop-core:jar:0.20.2-cdh3u4: Could not transfer artifact org.apache.hadoop:hadoop-core:pom:0.20.2-cdh3u4 from/to cloudera (https://repository.cloudera.com/artifactory/cloudera-repos/): Received fatal alert: handshake_failure looks https download has issue . please help I am using java1.7_80 and maven 3.6 – Karn_way Feb 01 '19 at 11:51
  • Let us [continue this discussion in chat](https://chat.stackoverflow.com/rooms/188983/discussion-between-amessihel-and-liz-lamperouge). – Amessihel Feb 25 '19 at 10:20
6

I'm sorry, I don't know why you get the error message. However, I'm using Java 7 and Windows 10 and the solution for me was to temporarily use Java 8 by changing the JAVA_HOME environment variable. Then I could run mvn install and fetch from Maven Central Repository.

propatience
  • 73
  • 1
  • 3
  • 5
  • 2
    This worked wonders for me. As a user of MyEclipse, all I had to do was to change the JRE for the maven run configuration to 1.8 and then back again to 1.7 after maven had downloaded what it needed. – Thor Hovden Mar 27 '19 at 11:19
4

Update maven version to 3.6.3 and run

mvn -Dhttps.protocols=TLSv1.2 install

it worked on centos 6.9

icaglar
  • 101
  • 2
  • 2
3

Add "-Dhttps.protocols=TLSv1,TLSv1.1,TLSv1.2" to "Default VM arguments" under Window -> Preferences -> Java -> Installed JREs in Eclipse, validate and run your project, it should and will work.

sbaredd
  • 31
  • 3
2

Note that if you're using the IBM JDK you may also have to set

com.ibm.jsse2.overrideDefaultTLS=true

https://www.ibm.com/support/knowledgecenter/SSYKE2_8.0.0/com.ibm.java.security.component.80.doc/security-component/jsse2Docs/matchsslcontext_tls.html#matchsslcontext_tls

Edoardo Comar
  • 531
  • 2
  • 5
0

Using jdk7-u221, I was need to install the Java Cryptography Extension (JCE)

Java Cryptography Extension JCE

Community
  • 1
  • 1
josuedani
  • 34
  • 1
  • 5
0

For setting java properties on Windows app server:

  • configure tomcat > run as admin

  • then add Java opts:

  • restart service.

CoderLee
  • 2,405
  • 2
  • 19
  • 44
Don Julio
  • 1