Is it possible to serve SonarQube on https without a external proxy server? What is the default tls version? Is it possible to enable/disable tls versions?
Hello @pepega and welcome to the community 
no. This functionality used to be a thing in the past, but there are better tools to handle TLS, so the current recommendation is to install a reverse proxy in front of sonarqube that does TLS. This configuration is up to you.
You can find some documentation about it here
hope that helps 
Noted, thank you for your reply. On a side note, is there a functionality to lock a user account upon X number of consecutive failed authentication attempts? If not, what is the mitigation control for it?
We usually suggest that you delegate authentication to an external system, like your devops platform (github/gitlab) where you host your source code anyway. If this is not available you can use SAML or LDAP to achieve this.