Hey everybody.
We wanted to give an update on the issue that impacted users of the SonarScanner for .NET (and by extension, the SonarScanner for Azure DevOps) to let you know exactly what happened and what’s coming next.
For a long time now (up to and including v5.4.1 of the SonarScanner for .NET ) TLS 1.0, 1.1, and 1.2 have been the supported protocols for connecting to SonarCloud or a SonarQube server. It was not possible to use the newer TLS 1.3 — which was not ideal as TLS 1.3 offers improvements over former versions such as a faster TLS handshake and being able to use simpler, stronger cipher suites.
With Windows 11 and Windows Server 2022 supporting TLS 1.3, we thought it was time to remove this limitation — moreover, we wanted to turn control back to the Operating System about what protocols could be used.
However, we got into trouble — as our implementation tried to enable TLS 1.3 on systems where TLS 1.3 is not supported (of which there are many).
This resulted in the following exception being thrown on those systems:
Unhandled Exception:
System.NotSupportedException: The requested security protocol is not supported.
This morning we re-released the SonarScanner for Azure DevOps with v5.4.1 of the SonarScanner for .NET. This should fix the immediate problem for all users.
What’s next?
- v5.5.1 of the SonarScanner for .NET was released today, which does not blindly try to enable TLS 1.3
- Eventually, we will cut another release of the SonarScanner for .NET with proper TLS 1.3 support (where possible) and that version will be embedded in the SonarScanner for Azure DevOps
We sincerely apologize for the inconvenience and are happy to answer any other questions.