Discontinued support for TLSv1.1 and below on Publishing servers and search.maven.org⚓︎
Which TLS versions are supported by Central Services?
As of September 30th 2021, the Publishing servers and search.maven.org supports TLS 1.2 only. Primary user facing services (repo1.maven.org, repo.maven.apache.org) are already configured in this fashion.
The list of affected Endpoints is below:
You may encounter different errors depending on the client/browser used to query the services above. Some of them could be:
Secure Connection Failed
Received fatal alert: protocol_version
peer not authenticated
If you encounter any issue similar to these, you need to update your client/browser to one that supports TLS 1.2 to continue using any of the services
Why did this happen?
TLS 1.1 or below are inherently insecure and in order to maintain compliance with best practices we are forcing the minimum TLS version to 1.2.
I cannot implement the above required changes in my environment -- what are my options?
You won't be able to query or access the mentioned services. There is no workaround.
What about support of TLS 1.3?
We are evaluating and waiting for the support being available on all our providers to add future support of TLS 1.3 on our services.