Sonatype Selected by Equifax to Support OS Governance Press Release

blog-logo Sonatype Blog

Enhancing SSL Security and HTTP/2 support for Central

May 21, 2018 By Brian Fox

The march of standards continues unabated. Legacy TLS protocols 1.0 and 1.1 have varying weaknesses that could lead to a false sense of security. 

In June, in an effort to raise security and comply with modern standards, the insecure TLS 1.0 & 1.1 protocols will no longer be supported for SSL connections to Central. This should only affect users of Java 6 that are also using https to access central, which by our metrics is less than .2% of users.

At the same time, this conversion will allow Central to support HTTP/2 with potential performance gains for modern http clients.

The details about why, when and what you need to do are documented at the link below. As questions come up, we will continue to update this faq.

If there is specific information required for non-maven build systems, please send it along and we will include that as well.
https://central.sonatype.org/articles/2018/May/04/discontinued-support-for-tlsv11-and-below/
 

Tags: Central, Maven

Written by Brian Fox

Brian Fox is a software developer, innovator and entrepreneur. He is an active contributor within the open source development community, most prominently as a member of the Apache Software Foundation and former Chair of the Apache Maven project. As the CTO and co-founder of Sonatype, he is focused on building a platform for developers and DevOps professionals to build high-quality, secure applications with open source components.