Fail to get bootstrap index from server: Received fatal alert: protocol_version

solar_slam · April 6, 2021, 9:12pm

I am trying to use SonarQube’s Maven plugin in Jenkins connecting to SonarQube 8.7 Enterprise. I am getting the following error:

mvn sonar:sonar \
-Dmaven.repo.local=${env.WORKSPACE}/.m2/repository \
-Dsonar.projectKey=${project}
...
User cache: /var/lib/jenkins-slave/.sonar/cache 
ERROR SonarQube server https://sonarserver.domain can not be reached 
INFO ------------------------------------------------------------------------
INFO BUILD FAILURE
INFO ------------------------------------------------------------------------
INFO Total time: 7.333 s 
INFO Finished at: 2021-04-06T16:05:38-04:00 
INFO ------------------------------------------------------------------------
ERROR Failed to execute goal org.sonarsource.scanner.maven:sonar-maven-plugin:3.8.0.2131:sonar (default-cli) on project java_project: Unable to execute SonarScanner analysis: Fail to get bootstrap index from server: Received fatal alert: protocol_version -> [Help 1]
ERROR 
ERROR To see the full stack trace of the errors, re-run Maven with the -e switch. 
ERROR Re-run Maven using the -X switch to enable full debug logging. 
ERROR
ERROR For more information about the errors and possible solutions, please read the following articles: 
ERROR [Help 1]ehttp://cwiki.apache.org/confluence/display/MAVEN/MojoExecutionException

I’m not sure where to start with error “protocol_version”? As far as I can tell it’s downloading the latest maven plugin version. Do I need to set something on the SonarQube server?

EDIT: I have since updated the server to 8.8 Enterprise and I still receive the same error.

David_Karr · April 6, 2021, 10:08pm

This isn’t a problem with the Maven plugin, it’s simply unable to fully connect to the remote sonarqube server. I assume that your service url is NOT “https://sonarserver.domain”? That sounds like an unlikely url. You have some sort of connectivity issue between your build server and the sonarqube server.

solar_slam · April 7, 2021, 1:13pm

Do you know specifically what “protocol_version” means? My build server can ping SonarQube so I don’t see any issue there.

Colin_SonarSource · April 7, 2021, 1:53pm

Hey there.

It appears to be an issue with the JVM running the scanner and your SonarQube server completing the SSL handshake. There can be a number of reasons for this, but it typically boils down to an incorrect TLS version being used. The correct versions would be set by the reverse proxy sitting in front of your SonarQube server (and serving it over HTTPS).

Take, for example, an NGINX configuration of:

    ssl_protocols TLSv1.2 TLSv1.3;

You can do some deeper debugging by adding the environment variable MAVEN_OPTS set to -Djavax.net.debug=all

Some example output (from what is, truth be told, very verbose output)

SSLv3 protocol was requested but was not enabled
SUPPORTED: [TLSv1, TLSv1.1, TLSv1.2]
SERVER_DEFAULT: [TLSv1, TLSv1.1, TLSv1.2]
CLIENT_DEFAULT: [TLSv1.2]
....
*** ClientHello, TLSv1

Out of curiosity, what version/flavor of Java are you using to execute maven / the analysis?

Best regards,

Colin

solar_slam · April 7, 2021, 1:52pm

Ah that was it! It seems Maven does not support TLSv1.3, only v1.2. Wish it would say something more verbose like “tls_protocol_version”, but that’s Maven’s problem.

I am using the bundled JVM that comes with the Linux install of sonar-scanner:

Downloads/sonar-scanner-4.6.0.2311-linux/jre/bin/java -version
openjdk version "11.0.3" 2019-04-16
OpenJDK Runtime Environment AdoptOpenJDK (build 11.0.3+7)
OpenJDK 64-Bit Server VM AdoptOpenJDK (build 11.0.3+7, mixed mode)

Colin_SonarSource · April 7, 2021, 1:56pm

If you are running mvn sonar:sonar the version of Java being used should be the one that starts Maven (it will also be in your analysis logs) rather than what’s bundled in the SonarQube Scanner CLI, and the issue is really with the JVM (rather than maven or the scanner) but it seems that anyways you resolved your issue

solar_slam · April 7, 2021, 2:00pm

I set JAVA_HOME to the home directory of the sonar-scanner JVM for running Maven. When we run things with different versions of Java, it ensures the mvn sonar-scanner plugin has a compatible version. For anyone else wondering how to do this in Jenkins:

def scannerHome = tool 'SonarScanner 4' # You can name your scanner whatever in Jenkins
sh """
JAVA_HOME=${scannerHome}/jre
mvn sonar:sonar \
...
"""

system · April 14, 2021, 2:01pm

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.