Configure LDAP for Sonar server to accept TLSv1, TLSv1.1, TLSv1.2

Trying to set up a brand new Sonar server, but I cannot figure out how to set up the server LDAP settings to accept TLSv1, TLSv1.1, TLSv1.2.

I get exceptions when starting the server with our LDAP configurations due to:
javax.net.ssl.SSLHandshakeException: The server selected protocol version TLS10 is not accepted by client preferences [TLS13, TLS12]

From what I read, I should be able to achieve this by configuring Java itself to accept it. Therefore I have tried (without success):

  • Adding Java options to wrapper.conf
    • e.g.: wrapper.java.additional.3=-Djdk.tls.client.protocols="TLSv1,TLSv1.1,TLSv1.2"
  • Adding Java options to sonar.properties
    • e.g.: sonar.web.javaOpts=-Xmx512m -Xms128m -XX:+HeapDumpOnOutOfMemoryError -Djdk.tls.client.protocols="TLSv1,TLSv1.1,TLSv1.2"
    • e.g.: sonar.web.javaAdditionalOpts=-Djdk.tls.client.protocols="TLSv1,TLSv1.1,TLSv1.2"

We are using:

  • SonarQube 8.4.1
  • Java 11 setup via wrapper config wrapper.java.command=/usr/lib/jvm/java-11-openjdk-11.0.8.10-0.el8_2.x86_64/bin/java

Just to clarify: this exception happens on SonarQube? So, your LDAP server is using TLSv1?

It’s odd, because sonar.web.javaAdditionalOpts=-Djdk.tls.client.protocols="TLSv1,TLSv1.1,TLSv1.2" should work. Do you see it being taken into account in your logs? You should see something like:

INFO  app[][o.s.a.ProcessLauncherImpl] Launch process[[key='web', ...] ... -Djdk.tls.client.protocols="TLSv1,TLSv1.1,TLSv1.2" ...

It should be at the “top”, shortly after you start up SonarQube. Do you see it? If not, please check your $SONAR_HOME/conf/sonar.properties file. Perhaps you have multiple sonar.web.javaAdditionalOpts directives in there?
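The two checks suggested in the reply above (is the option on the web process launch line, and is the directive defined more than once), as an added example that is not part of the original thread or of SonarQube itself. The function names, the sample files and the `-Dfile.encoding=UTF-8` value are constructed for illustration, and it assumes the properties file follows Java properties semantics, where a later definition of a key replaces an earlier one.

```shell
#!/bin/sh
# Added example. Function names and sample files are constructed for illustration.

# list_defs KEY FILE: print "lineno:value" for each uncommented "KEY=value" line.
list_defs() {
    awk -v key="$1" '
        /^[ \t]*[#!]/ { next }                 # skip comment lines
        {
            line = $0; sub(/^[ \t]+/, "", line)
            if (!match(line, /[ \t]*[=:]/)) next
            if (substr(line, 1, RSTART - 1) != key) next
            val = substr(line, RSTART + RLENGTH); sub(/^[ \t]+/, "", val)
            print NR ":" val
        }' "$2"
}

# effective_def KEY FILE: the value that wins, assuming the file is read with
# Java properties semantics, where a later definition replaces an earlier one.
effective_def() { list_defs "$1" "$2" | tail -n 1 | cut -d: -f2-; }

# web_launched_with OPTION LOG: succeeds if the web process launch line has OPTION.
web_launched_with() {
    grep -F "Launch process[[key='web'" "$2" | grep -qF -- "$1"
}

# write_sample DIR: constructed sonar.properties (with the duplicate-directive
# mistake) and the launch line that would then be logged.
write_sample() {
    cat > "$1/sonar.properties" <<'EOF'
#sonar.web.javaAdditionalOpts=
sonar.web.javaOpts=-Xmx512m -Xms128m -XX:+HeapDumpOnOutOfMemoryError
sonar.web.javaAdditionalOpts=-Djdk.tls.client.protocols="TLSv1,TLSv1.1,TLSv1.2"
sonar.web.javaAdditionalOpts=-Dfile.encoding=UTF-8
EOF
    cat > "$1/sonar.log" <<'EOF'
INFO  app[][o.s.a.ProcessLauncherImpl] Launch process[[key='web', ...] ... -Dfile.encoding=UTF-8 ...
EOF
}

demo=$(mktemp -d) && write_sample "$demo"
key=sonar.web.javaAdditionalOpts
echo "definitions of $key:"; list_defs "$key" "$demo/sonar.properties"
echo "effective: $(effective_def "$key" "$demo/sonar.properties")"
web_launched_with "-Djdk.tls.client.protocols=" "$demo/sonar.log" \
    || echo "TLS option missing from web launch line"
rm -rf "$demo"
```

Against a real installation, point the functions at `$SONAR_HOME/conf/sonar.properties` and the log file that contains the `ProcessLauncherImpl` lines.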

I cannot give more support on this issue, since it was opened when we were in a configuration phase and now we have moved on (workarounds/upgrades were made to circumvent this issue).

Feel free to close the ticket.
