Issues with scanning a .net project

SonarQube Cloud
1

Hi,

We’re evaluating SQ and so far we installed the scanner using the “dotnet tool install --global dotnet-sonarscanner” command. Now we’re trying to execute the scanner on a project but we get this error:
Unable to connect to server. Please check if the server is running and if the address is correct. Url: ‘https://sonarcloud.io/api/settings/values?component=unknown’. Unhandled exception. System.Net.Http.HttpRequestException: The SSL connection could not be established, see inner exception.

Following on some other posts we tried to upgrade the .net framework version and it didn’t help. We also tried PS with invoke-webrequest https://sonarcloud.io/api/server/version and we get a similar error indicating SSL issue. We are running Windows 2022 Server with .Net 8.0

2

Hi,

The issue could really be anywhere.

Let’s try another website, to see if the issue is with all websites or just SonarQube Cloud.

invoke-webrequest https://api.github.com/repos/octocat/Spoon-Knife/issues
3

Hi Colin,

Thanks for your suggestion. We did try that and the request went ok with TLS 1.2.

StatusCode : 200
StatusDescription : OK
Content : [{“url”:"https://api.github.com/repos/octocat/Spoon-Knife/issues/37323",“repository_url”:"https://a
pi.github.com/repos/octocat/Spoon-Knife",“labels_url”:"https://api.github.com/repos/octocat/Spoon-K
ni…
RawContent : HTTP/1.1 200 OK
Vary: Accept,Accept-Encoding, Accept, X-Requested-With
X-GitHub-Media-Type: github.v3; format=json
Link: <https://api.github.com/repositories/1300192/issues?after=Y3Vyc29yOnYyOpLPAA
Forms : {}
Headers : {[Vary, Accept,Accept-Encoding, Accept, X-Requested-With], [X-GitHub-Media-Type, github.v3;
format=json], [Link, <https://api.github.com/repositories/1300192/issues?after=Y3Vyc29yOnYyOpLPAAAB
mDkLZajOwiwung%3D%3D&per_page=30&page=2>; rel=“next”], [x-github-api-version-selected,
2022-11-28]…}
Images : {}
InputFields : {}
Links : {}
ParsedHtml : System.__ComObject
RawContentLength : 84874

So we need to understand the issue with TLS on the scan server.
I’m suspecting maybe the TLS 1.2 cypher suits they are using are not allowed on our end. I will try looking into the response with WireShark.

Noam.

4

So this was solved when we started WireShark and noticed the server is missing critical TLS 1.2 Cypher Suits in it’s TLS handshake offering. This happened because the server was not accepting the Cypher Suits GPO which was related to a VMWare Tools version that caused issues with the LAN interface of the server. After the update of VMware Tools and the download of the Cypher Suits GPO everything started working as expected.

5

Hi @noamlugasi

What do you mean by “server” in your last answer ? Was the issue on your side at the end ? This will help us clarify if we need to investigate.

Thanks a lot !

Best,

6

Hi Mickael,

The “server” is our build server. It had a specific issue with the LAN interface caused by the version of VMWare-Tools installed. So the process was:

  1. Check the response from sonarqube.io with WireShark - we noticed the TLS offering from our build server was missing critical TLS 1.2 cypher suits.
  2. We checked the cypher suits GPO and noticed that the GPO is not downloading to the server - this lead to checking other network services and that’s when we found the LAN driver on the server is faulty
  3. We updated the LAN drivers with a new VMware-Tools version and from that point everything was working well

Hope this clarify my previous answer.

Noam.

7

Yes, thank you !