diff --git a/distribution/docker/src/docker/Dockerfile b/distribution/docker/src/docker/Dockerfile
index 6ff48693cfd26..8d1cbc8ad2fbc 100644
--- a/distribution/docker/src/docker/Dockerfile
+++ b/distribution/docker/src/docker/Dockerfile
@@ -16,9 +16,9 @@ FROM centos:7 AS builder
 ENV PATH /usr/share/elasticsearch/bin:$PATH
 ENV JAVA_HOME /opt/jdk-${jdkVersion}
 
-RUN curl -L --retry 8 -s -S ${jdkUrl} --continue-at - --output /tmp/jdk.tar.gz && \
-    tar -C /opt -zxf /tmp/jdk.tar.gz && \
-    rm -Rf /tmp/jdk.tar.gz
+RUN for iter in {1..10}; do curl -L -s -S ${jdkUrl} | tar -C /opt -zx &&\
+    exit_code=0 && break || exit_code=\$? && echo "download error: retry \$iter in 10s" && sleep 10; done;
+    
 
 # Replace OpenJDK's built-in CA certificate keystore with the one from the OS
 # vendor. The latter is superior in several ways.