How can I force/restrict the Gradle dependency resolution to only use TLS 1.3+ for download?
…and also I’d like to disable specific weak ciphers, is that possible?
I don’t actually know how to do that, but I would assume Gradle just uses the default security provider in Java for creating HTTPS connections. So you should be able to both enforce TLS 1.3 and disable specific ciphers by tweaking the java.security file in the JDK you use. Alternatively, at least for enforcing the TLS version, you can probably also do it by setting the jdk.tls.client.protocols property in your Gradle options.
Maybe 
Note that there is nasty a bug in TLS 1.3 for older versions of Java 11 and Java 12, so be sure you are using a version that is relatively new (e.g. 11.0.5).
Yes, Gradle itself doesn’t control TLS it just uses the JVM’s HTTPS stack. If you want to force dependency resolution to use TLS 1.3 only, you can set:
org.gradle.jvmargs=-Djdk.tls.client.protocols=TLSv1.3
inside your gradle.properties. Another option is editing the java.security file in your JDK to disable older TLS versions or unwanted ciphers. Just make sure you’re on a recent JDK (Java 11.0.5+), since older Java 11/12 builds had known TLS 1.3 bugs. This way, Gradle will fail if the repo doesn’t support TLS 1.3, ensuring all downloads stick to TLS 1.3+. Hope it helps!
Probably better systemProp.jdk.tls.client.protocols=TLSv1.3, so you do not overwrite all daemon jvm args but only set that system property. 