Notice: Java 6 and 7 users: SSL Protocol upgrades coming to Central

[Brian Fox <br...@infinity.nu>]

The march of standards continues unabated. Legacy TLS protocols 1.0
and 1.1 have varying weaknesses that could lead to a false sense of
security.

In June, in an effort to raise security and comply with modern
standards, the insecure TLS 1.0 & 1.1 protocols will no longer be
supported for SSL connections to Central. This should only affect
users of Java 6 that are also using https to access central, which by
our metrics is less than .2% of users.

At the same time, this conversion will allow Central to support HTTP/2
with potential performance gains for modern http clients.

The details about why, when and what you need to do are documented at
the link below. As questions come up, we will continue to update this
faq.

If there is specific information required for non-maven build systems,
please send it along and we will include that as well.

https://central.sonatype.org/articles/2018/May/04/discontinue-support-for-tlsv11-and-below/

I've posted the same content as a blog to make it easier to
disseminate here:
https://blog.sonatype.com/enhancing-ssl-security-and-http/2-support-for-central

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@maven.apache.org
For additional commands, e-mail: users-help@maven.apache.org

[NOTICE] Java 6 and 7 users: SSL Protocol upgrades coming to Central

[Robert Scholte <rf...@apache.org>]

The march of standards continues unabated. Legacy TLS protocols 1.0 and  
1.1 have varying weaknesses that could lead to a false sense of security.

In June, in an effort to raise security and comply with modern standards,  
the insecure TLS 1.0 & 1.1 protocols will no longer be supported for SSL  
connections to Central. This should only affect users of Java 6 that are  
also using https to access central, which by our metrics is less than .2%  
of users.

At the same time, this conversion will allow Central to support HTTP/2  
with potential performance gains for modern http clients.

The details about why, when and what you need to do are documented at the  
link below. As questions come up, we will continue to update this faq.

If there is specific information required for non-maven build systems,  
please send it along and we will include that as well.

https://central.sonatype.org/articles/2018/May/04/discontinue-support-for-tlsv11-and-below/

Brian Fox has posted the same content as a blog to make it easier to  
disseminate here:
https://blog.sonatype.com/enhancing-ssl-security-and-http/2-support-for-central

Re: Notice: Java 6 and 7 users: SSL Protocol upgrades coming to Central

[Brian Fox <br...@infinity.nu>]

Bumping this again. Cutover is next week.

On Mon, May 21, 2018 at 2:22 PM, Brian Fox <br...@infinity.nu> wrote:

> The march of standards continues unabated. Legacy TLS protocols 1.0
> and 1.1 have varying weaknesses that could lead to a false sense of
> security.
>
> In June, in an effort to raise security and comply with modern
> standards, the insecure TLS 1.0 & 1.1 protocols will no longer be
> supported for SSL connections to Central. This should only affect
> users of Java 6 that are also using https to access central, which by
> our metrics is less than .2% of users.
>
> At the same time, this conversion will allow Central to support HTTP/2
> with potential performance gains for modern http clients.
>
> The details about why, when and what you need to do are documented at
> the link below. As questions come up, we will continue to update this
> faq.
>
> If there is specific information required for non-maven build systems,
> please send it along and we will include that as well.
>
> https://central.sonatype.org/articles/2018/May/04/discontinue-support-for-
> tlsv11-and-below/
>
> I've posted the same content as a blog to make it easier to
> disseminate here:
> https://blog.sonatype.com/enhancing-ssl-security-and-
> http/2-support-for-central
>

Re: Notice: Java 6 and 7 users: SSL Protocol upgrades coming to Central

[Karl Heinz Marbaise <kh...@gmx.de>]

Hi Brian,

I have posted the same here:

https://blogs.apache.org/maven/entry/notice-java-6-and-7

Kind regards
Karl Heinz Marbaise
On 21/05/18 20:22, Brian Fox wrote:
> The march of standards continues unabated. Legacy TLS protocols 1.0
> and 1.1 have varying weaknesses that could lead to a false sense of
> security.
> 
> In June, in an effort to raise security and comply with modern
> standards, the insecure TLS 1.0 & 1.1 protocols will no longer be
> supported for SSL connections to Central. This should only affect
> users of Java 6 that are also using https to access central, which by
> our metrics is less than .2% of users.
> 
> At the same time, this conversion will allow Central to support HTTP/2
> with potential performance gains for modern http clients.
> 
> The details about why, when and what you need to do are documented at
> the link below. As questions come up, we will continue to update this
> faq.
> 
> If there is specific information required for non-maven build systems,
> please send it along and we will include that as well.
> 
> https://central.sonatype.org/articles/2018/May/04/discontinue-support-for-tlsv11-and-below/
> 
> I've posted the same content as a blog to make it easier to
> disseminate here:
> https://blog.sonatype.com/enhancing-ssl-security-and-http/2-support-for-central
> 

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@maven.apache.org
For additional commands, e-mail: users-help@maven.apache.org