Maven secure HTTPS repository and JDK5

Question

Since January 2020, maven has switched their repo from HTTP to HTTPS. In order my project (running with Java 5 + maven 3.1.1) to download the repos i changed in my pom.xml the repos to look to: https://repo.maven.apache.org/maven2 This worked fine and now maven tries to access the dependencies from the secure repository. Trying to build/clean my project i faced following issues:

Issue 1 Trying to mvn clean my project without any further arguments i receive following error: Could not transfer artifact org.apache.maven.plugins:maven-clean-plugin:pom:2.5 from/to central ( https://repo.maven.apache.org/maven2 ): peer not authenticated -> [Help 1]

I tried to bypass the error by adding following arguments: mvn -Dmaven.wagon.http.ssl.insecure=true -Dmaven.wagon.http.ssl.allowall=true clean

New error: Could not transfer artifact org.apache.maven.plugins:maven-clean-plugin:pom:2.5 from/to central ( https://repo.maven.apache.org/maven2 ): Remote host closed connection during handshake: SSL peer shut down incorrectly -> [Help 1]

Further attemp by adding alos the following argument: -Dhttps.protocols=TLSv1.2,TLSv1.1 Resolves to a new error:

Could not transfer artifact org.apache.maven.plugins:maven-clean-plugin:pom:2.5 from/to central ( https://repo.maven.apache.org/maven2 ): TLSv1.2 -> [Help 1]

Issue 2 I tried to with a different approach by using the certificate provided from https://repo.maven.apache.org/maven2/ I import the certificate into a trust store and tried to use this with the following maven command:

mvn -Djavax.net.ssl.trustStore=C:\\PortableApps\\trust.jks -Djavax.net.ssl.trustStorePassword=pass -Djavax.net.ssl.keyStore=C:\\PortableApps\\trust.jks -Djavax.net.ssl.keyStoreType=jks -Djavax.net.ssl.keyStorePassword=pass clean

The error is the same as previous again Could not transfer artifact org.apache.maven.plugins:maven-clean-plugin:pom:2.5 from/to central ( https://repo.maven.apache.org/maven2 ): peer not authenticated -> [Help 1]

I start to believe, that this is not goign to work with Java 5 due to the limitations of the JVM. As a last resolution, i find the usage of the insecure repo http://insecure.repo1.maven.org/maven2/ but i want to go do this as my very last option. Any further suggestions?

Note

• On another project with Java 7, i was able to resolve all the issues by using the latest maven version 3.6.3
• Since the project is compatible only with Java 5, i am limited in using maven version up to 3.1.1

Answer 1

I ended up using the insecure maven repo http://insecure.repo1.maven.org/maven2/ in order to make it work with Java 5 (build/run).

Alternative, as some already suggested in the comments, you may use JDK 7 for your build process in order to download the dependencies from the secure maven repository and Java 5 for running your app.

As it seems, there is no way in accessing the secure maven repo while using Java 5 due to the lack of TLSv1.2 support which maven seems to use ( https://central.sonatype.org/articles/2018/May/04/discontinued-support-for-tlsv11-and-below/?__hstc=31049440.13cc707ef0d169390d4d7ac8ba12c78e.1571910247825.1579506965027.1580304556973.4&__hssc=31049440.1.1580304556973&__hsfp=1122763312 )