Secure Ark findings says Qlik sense still allowing SSL 3.0 connections
Hi. We are using Qlik Sense November 2017 edition (11.24.1) installed in windows server 2016. Recently during security audit findings. SecureArk scans showed that Qlik sense is still allowing SSL 3.0 connection over the ports 443, 4242, 4899, 5050,5151. We are very much sure we disabled all the protocols except TLS1.2. We restarted the servers, but still the scan results finds that SSL 3.0 connections are passing through. Client is not allowing to pass the report unless there is a proper justification. Can someone throw light on why still Qlik Sense is allowing the protocols that are disabled already.
I'd encourage consulting with your organization to see if there are gold standard scripts to handle things, but if you're on your own you can leverage a tool like IISCrypto to set things appropriately in the Windows registry.