Failed to establish SSL/TLS channels to SonarCloud for code analysis

OS: Windows Server 2012 R2
.NET Framework: 4.8
MSBuild Sonnar.Scanner: sonar-scanner-msbuild-5.13.0.66756-net46.zip

Hi Support Team,
We are using SonarCloud service for our code analysis, our system worked well with your cloud service until July 06 2023.
Since July 06, 2023, our system has not integrated with your service successfully due to SSL/TLS connection error.
Note: There is no change on our end.
Here is the error:

build 17-Jul-2023 06:17:35 Pre-processing started.
build 17-Jul-2023 06:17:35 Preparing working directories…
build 17-Jul-2023 06:17:35 06:17:35.04 Updating build integration targets…
build 17-Jul-2023 06:17:35 06:17:35.056 Fetching analysis configuration settings…
error 17-Jul-2023 06:17:35 06:17:35.151 Failed to request and parse https://sonarcloud.io/api/server/version: The request was aborted: Could not create SSL/TLS secure channel.
error 17-Jul-2023 06:17:35
error 17-Jul-2023 06:17:35 Unhandled Exception: System.Net.WebException: The request was aborted: Could not create SSL/TLS secure channel.
error 17-Jul-2023 06:17:35 at System.Net.WebClient.DownloadDataInternal(Uri address, WebRequest& request)

Could you please take a look and share suggestions?
Regards,

Hi @Adam_Tran ,

Thanks for your report.

If I understand correctly, you execute the Sonar Scanner on your own CI system, am I correct?

Could you please add the following option to your build command, and post here the full logs? It may help us locate where this SSL error comes from.

/d:sonar.verbose=true 

Other than that, I’d suggest checking 2 things:

• Any enterprise firewall running in between the server used for running the Sonar Scanner, and SonarCloud?
• Anything weird within the server’ trusted certificates?

Hi @Claire_Villard ,

Here is the verbose log:

build	17-Jul-2023 19:46:05	19:46:05.684 19:46:05.659 Loading analysis properties from JOB1\sonar-scanner-msbuild\SonarQube.Analysis.xml
build	17-Jul-2023 19:46:05	19:46:05.684 19:46:05.684 sonar.verbose=true was specified - setting the log verbosity to ‘Debug’
build	17-Jul-2023 19:46:05	19:46:05.929 Updating build integration targets…
build	17-Jul-2023 19:46:05	19:46:05.937 The file SonarQube.Integration.ImportBefore.targets was
build	17-Jul-2023 19:46:05	19:46:05.951 The file SonarQube.Integration.ImportBefore.targets was
build	17-Jul-2023 19:46:05	19:46:05.965 The file SonarQube.Integration.ImportBefore.targets was overwritten at \MSBuild\11.0\Microsoft.Common.targets\ImportBefore
build	17-Jul-2023 19:46:05	19:46:05.978 The file SonarQube.Integration.ImportBefore.targets was overwritten at …MSBuild\12.0\Microsoft.Common.targets\ImportBefore
build	17-Jul-2023 19:46:05	19:46:05.983 The file SonarQube.Integration.ImportBefore.targets was overwritten at …MSBuild\14.0\Microsoft.Common.targets\ImportBefore
build	17-Jul-2023 19:46:05	19:46:05.983 The file SonarQube.Integration.ImportBefore.targets was overwritten at …MSBuild\15.0\Microsoft.Common.targets\ImportBefore
build	17-Jul-2023 19:46:05	19:46:05.984 The file SonarQube.Integration.ImportBefore.targets was overwritten at …MSBuild\Current\Microsoft.Common.targets\ImportBefore
build	17-Jul-2023 19:46:06	19:46:06.009 Installed SonarQube.Integration.targets to JOB1.sonarqube\bin\targets
build	17-Jul-2023 19:46:06	19:46:06.01 Creating config and output folders…
build	17-Jul-2023 19:46:06	19:46:06.011 Creating directory: JOB1.sonarqube\conf
build	17-Jul-2023 19:46:06	19:46:06.011 Creating directory: JOB1.sonarqube\out
build	17-Jul-2023 19:46:06	19:46:06.023 Fetching server version…
build	17-Jul-2023 19:46:06	19:46:06.027 Downloading from https://sonarcloud.io/api/server/version…
build	17-Jul-2023 19:46:06	19:46:06.898 System.Net.WebException: The request was aborted: Could not create SSL/TLS secure channel.
build	17-Jul-2023 19:46:06	at System.Net.HttpWebRequest.EndGetResponse(IAsyncResult asyncResult)
build	17-Jul-2023 19:46:06	at System.Net.Http.HttpClientHandler.GetResponseCallback(IAsyncResult ar)
build	17-Jul-2023 19:46:06	stderr: 19:46:06.895 Unable to connect to server. Please check if the server is running and if the address is correct. Url: ‘https://sonarcloud.io/api/server/version’.
build	17-Jul-2023 19:46:06	19:46:06.898 An error occured while querying the server version! Please check if the server is running and if the address is correct.
build	17-Jul-2023 19:46:06	19:46:06.898 Pre-processing failed. Exit code: 1

• Any enterprise firewall running in between the server used for running the Sonar Scanner, and SonarCloud?
  No
• Anything weird within the server’ trusted certificates? It used to work before 06 July 2023, and we don’t change anything in our infrastructure. We suspect that Cipher suites supported by Windows 2012 R2 are no longer supported by SonarCloud site. Are there any changes from SonarCloud since the date?

P/S: There are some places ... that are my intention to hide absolute folder locations at our end

Hi, we are facing the same issue. Since July 6-7 2023 SonarCloud stopped working on our on-premise azure devops build server, running W2012 R2.

Now we are in the process of cleaning up our old servers, but its weird this one suddenly stopped functioning.

On the W2012R2 server itself we can go to the sonarcloud.io website with no problem. Running a build on this server with SonarCloud reports, on the prepare sonarcloud part:

08:08:32.218 Fetching server version…
08:08:32.218 Downloading from https://sonarcloud.io/api/server/version…
##[error]08:08:32.311 Unable to connect to server. Please check if the server is running and if the address is correct. Url: ‘https://sonarcloud.io/api/server/version’.
08:08:32.311 Unable to connect to server. Please check if the server is running and if the address is correct. Url: ‘https://sonarcloud.io/api/server/version’.
08:08:32.327 System.Net.WebException: The request was aborted: Could not create SSL/TLS secure channel.
at System.Net.HttpWebRequest.EndGetResponse(IAsyncResult asyncResult)
at System.Net.Http.HttpClientHandler.GetResponseCallback(IAsyncResult ar)
##[error]08:08:32.327 An error occured while querying the server version! Please check if the server is running and if the address is correct.
08:08:32.327 An error occured while querying the server version! Please check if the server is running and if the address is correct.
##[error]08:08:32.327 Pre-processing failed. Exit code: 1
08:08:32.327 Pre-processing failed. Exit code: 1

Thanks to both of you for your reports.
We did a technical migration on July 6th that is probably related to these new failures, since it changed the security policy used by sonarcloud.io.

We are now using AWS CloudFront with TLSv1.2_2021.
You can find here the supported cipher suites:

Could you compare them with the ones supported by your servers?

Just as a note, if it can help, we were previously on TLSv1-2-2017-01, with the cipher suites described there: Predefined SSL security policies for Classic Load Balancers - Elastic Load Balancing

Hope that helps,
Claire

I am experiencing the same exact issue on Windows Server 2019.

For testing, I have tried using Java version of sonar found here: SonarScanner, didn’t run into any TLS issues.

The issue seems to be isolated to .NET version.

If it is cypher suite issue, is there a way to force .NET version of scanner to use certain configuration?

Hi @andrius, welcome to the community!

Thanks for your report, that is really helpful to know that the issue seems to be limited to the .Net scanner running on Windows Server 2012 or older!
I’ll try to engage my .NET expert colleagues to help on solving this issue.

Hello @zaat, @Adam_Tran and @andrius

The .NET version of the scanner relies on the SystemDefault security protocol type. Which means whatever is configured in the OS is going to be used. This means to use TLS v1.2 to connect to SonarCloud, it needs to be enabled in the OS.

Could you please check that you have the proper security configuration on your Windows server?

You can find more information about this topic here.

Best,
Čaba