Dev Solve

English

中文
日本語

English

中文
日本語

Appearance

Related Posts

Fix "NDK did not have a source.properties file" Error

Resolving "Could not find com.android.tools.build:gradle:7.3.3" error

Android Gradle Plugin Java Version Fix

Fix "Unknown Kotlin JVM target: 21" after Upgrading Android Studio

No signature of method android() error in Gradle

Fixing "Allow Insecure Protocols" Error in Android Gradle

Problem Overview

Starting with Gradle 7.0, Android projects encounter a security error when using insecure HTTP protocol repositories:

A problem occurred configuring root project 'so10'.
> Could not resolve all dependencies for configuration ':classpath'.
   > Using insecure protocols with repositories, without explicit opt-in, is unsupported.

This error occurs because Gradle 7+ blocks HTTP connections by default for security reasons, requiring explicit permission to use insecure protocols.

Solutions

1. Update Repository URLs to HTTPS (Recommended)

The most secure solution is to replace HTTP URLs with their HTTPS equivalents:

groovy
repositories {
    maven { url "https://jitpack.io" }
    maven { url 'https://raw.github.com/Raizlabs/maven-releases/master/releases' }
    maven { url 'https://oss.sonatype.org/content/repositories/snapshots' }
    maven { url "https://plugins.gradle.org/m2/" }
    maven { url 'https://maven.google.com' }
    google()
    mavenCentral()
}

WARNING

Always verify that HTTPS versions of repositories exist before making this change - not all repositories support HTTPS.

2. Explicitly Allow Insecure Protocol

If HTTPS is not available for a specific repository, explicitly allow insecure connections:

Groovy DSL

groovy
repositories {
    maven {
        url "http://oss.sonatype.org/content/repositories/snapshots"
        allowInsecureProtocol = true
    }
    // other repositories...
}

Kotlin DSL

kotlin
repositories {
    maven {
        url = uri("http://oss.sonatype.org/content/repositories/snapshots")
        isAllowInsecureProtocol = true
    }
    // other repositories...
}

3. Alternative Method: setAllowInsecureProtocol()

In some Gradle versions, the assignment syntax may not work. Use the method call instead:

groovy
maven {
    url "http://myinsecure/repository..."
    setAllowInsecureProtocol(true)
}

4. For Apply Scripts from Insecure URLs

If you're applying scripts from HTTP URLs:

groovy
// Instead of:
// apply from: "http://mycompany.com/buildscript.gradle"

// Use:
apply from: resources.text.fromInsecureUri("http://mycompany.com/buildscript.gradle")

Best Practices

Security Recommendation

Always prefer HTTPS repositories when available. Only use insecure protocols when absolutely necessary and you trust the repository source.

  1. Check for HTTPS alternatives first - Many repositories now support HTTPS
  2. Minimize insecure connections - Limit the use of allowInsecureProtocol to only necessary repositories
  3. Keep Gradle updated - Newer versions often have better security and compatibility

Common Pitfalls

  • Using maven2 instead of maven - this is incorrect syntax
  • Forgetting that Kotlin DSL uses isAllowInsecureProtocol instead of allowInsecureProtocol
  • Not updating all HTTP repositories in the project

Version Compatibility

This issue affects:

  • Gradle 7.0 and later versions
  • Android Studio Arctic Fox (2020.3.1) and newer
  • Projects with HTTP repository declarations

If you encounter compatibility issues with Gradle versions, consider updating your project's Gradle wrapper to a compatible version.

By implementing these solutions, you can resolve the insecure protocols error while maintaining both security and functionality in your Android projects.