topic How to remediate the "SSL Medium Strength Cipher Suites Supported (SWEET32)" -port 4953 in Management & Governance

How to remediate the "SSL Medium Strength Cipher Suites Supported (SWEET32)" -port 4953

PraveenArelli — Wed, 29 Jan 2025 16:38:32 GMT

Hi team,

I need your help/suggation on the vulnerabilities.

how to remediate the "SSL Medium Strength Cipher Suites Supported (SWEET32)" -port -4953 -vulnerability.

When I was check with the port number, it is showing the file as "nl-app-search.exe"

but we are not getting whats the issue is with it ?

Can any one know the issue of it please let us know.

really appriciate your help.

thanks.

Regards
Praveen

Re: How to remediate the "SSL Medium Strength Cipher Suites Supported (SWEET32)" -port 4953

Chip_Matejowsky — Mon, 31 Jan 2022 13:54:03 GMT

Hi @PraveenArelli,

So this is more of a Windows issues than a Qlik Sense issue. What version of Qlik Sense are you running? There is a Qlik Sense Help entry as well as couple of Qlik Support articles regarding remediation of SSL Medium Strength Cipher Suites Supported (SWEET32) to review:

Best Regards

Re: How to remediate the "SSL Medium Strength Cipher Suites Supported (SWEET32)" -port 4953

PraveenArelli — Tue, 01 Feb 2022 04:45:43 GMT

Hi Jowsky,

1st of all thank you for your response.

and we were followed all of the above instructions already, that was helped us to resolve the many things but we stucked with the only one that sweet32 with port-4953.

Really we need help on this. as I told that , when we check with the port number, it is pointing to "nl-app-search.exe".

Regards

Praveen

Re: How to remediate the "SSL Medium Strength Cipher Suites Supported (SWEET32)" -port 4953

Maria_Halley — Tue, 01 Feb 2022 11:59:31 GMT

@PraveenArelli

This is reported as a defect.

The defect but I am not 100% sure that it has been released yet

Re: How to remediate the "SSL Medium Strength Cipher Suites Supported (SWEET32)" -port 4953

PraveenArelli — Mon, 07 Feb 2022 05:29:46 GMT

We are using Latest version Nov 2021, Ptach-3, I believe if it's a bug not yet released.

if it's not a bug, any suggestions to resolve it ?

Re: How to remediate the "SSL Medium Strength Cipher Suites Supported (SWEET32)" -port 4953

Maria_Halley — Mon, 07 Feb 2022 09:32:19 GMT

Hi,

This is fixed in Qlik Sense November 2021SR4.

See release notes

QlikSense Release notes

Re: How to remediate the "SSL Medium Strength Cipher Suites Supported (SWEET32)" -port 4953

PraveenArelli — Tue, 08 Feb 2022 14:07:39 GMT

Hi Halley,

Thanks for your response.

But unfortunately, the issue is not yet resolved after upgrading to Nov 2021, Patch-4 also.

please let me know , if any changes or settings required for remediate the port-4953 vulnerability.

Regards

Praveen

Re: How to remediate the "SSL Medium Strength Cipher Suites Supported (SWEET32)" -port 4953

Maria_Halley — Thu, 10 Feb 2022 11:38:36 GMT

@PraveenArelli

Can you try this? (always make sure you have backups before changing the configuration)

1. Open C:\Program Files\Qlik\Sense\ServiceDispatcher\services.conf in edit mode(admin)
2. Add "--tls-min-version=TLS12" as nl-app-search parameter as shown below

[nl-app-search.parameters]
--mode=server
--port=${NLAppSearchPort}
--log-path=${LogPath}
--qrs-port=${QrsPort}
--capability-service-port=${CapabilityPort}
--dps-port=${DataPrepPort}
--tls-min-version=TLS12

Re: How to remediate the "SSL Medium Strength Cipher Suites Supported (SWEET32)" -port 4953

PraveenArelli — Mon, 14 Feb 2022 15:35:15 GMT

Hi Maria,

yes, we applied these changes also, but no luck this time also.

still Sweet32 for port-4953 vulnerability is exist.

please take it as priority one, we need it very urgent and important to us.

Regards

Praveen

Re: How to remediate the "SSL Medium Strength Cipher Suites Supported (SWEET32)" -port 4953

Maria_Halley — Wed, 16 Feb 2022 10:00:36 GMT

@PraveenArelli

I think at this point you need to create a case.

Create case

Re: How to remediate the "SSL Medium Strength Cipher Suites Supported (SWEET32)" -port 4953

Ken_T — Thu, 28 Jul 2022 13:36:07 GMT

was this ever resolved?