Solved: Re: TLS 1.3 for Qlik Sense? - Qlik Community

vegard_bakke · ‎2019-05-24

Hi,

I'm trying to find documentation for the TLS version that Qlik Sense supports, but all I find is rather outdated.

Does anyone know if TLS 1.3 is supported, and how to disable other (older) TLS/SSL versions?

Cheers,

Vegard 🙂

Alexis_Touet · ‎2019-05-25

Hi Vegard,

As Kabir mentionned and as far as I am aware of TLS 1.3 is not fully supported for Qlik products.

See article :

https://support.qlik.com/articles/000041613

Regarding your question on how to disable other ssl/tls versions, they are several options to do it (e.g windows registry, powershell) but an easy way to achieve this is with this freeware:

https://www.nartac.com/Products/IISCrypto

You will only need to uncheck the protocols you no longer require - I would suggest you do the same with the cipher suites you find not enough secured (it can also be done with this tool).

Hope it helps.

Best regards,

Alexis

Please don't forget to mark a correct resolution or answer to your problem or question as correct, as it will help other members to find solutions more easily 😉

View solution in original post

s_kabir_rab · ‎2019-05-24

Hi,

I am not sure its fully supported. To my knowledge it supports 1.2

I found this on support but like you said its outdated -

As it comes to the right protocols, please see the list based on the public available information in November 2017.

QlikSense:

Qlik Sense 2.0.x and 2.1 and earlier only support TLS 1.0
Qlik Sense 2.2 and Qlik Sense 2.0.7 will get support for TLS 1.2
Qlik Sense 3.x, TLS 1.2 will be supported completely.
TLS 1.3/2.0 are not yet fully supported

Kabir
Please do not forget to the mark the post if you find it useful or provides you the solutions 🙂

Alexis_Touet · ‎2019-05-25

Hi Vegard,

As Kabir mentionned and as far as I am aware of TLS 1.3 is not fully supported for Qlik products.

See article :

https://support.qlik.com/articles/000041613

Regarding your question on how to disable other ssl/tls versions, they are several options to do it (e.g windows registry, powershell) but an easy way to achieve this is with this freeware:

https://www.nartac.com/Products/IISCrypto

You will only need to uncheck the protocols you no longer require - I would suggest you do the same with the cipher suites you find not enough secured (it can also be done with this tool).

Hope it helps.

Best regards,

Alexis

Please don't forget to mark a correct resolution or answer to your problem or question as correct, as it will help other members to find solutions more easily 😉

vegard_bakke · ‎2019-05-25

Thank you! 🙂

I guess it would be nice if this article mentioned the Qlik releases with Month-Years as well, since 3.x is a while ago now. Especially when it comes to security.

Cheers,
Vegard 🙂

vegard_bakke · ‎2019-05-27

For other readers:

You can also user PowerShell to check what SSL/TLS version you have enabled, using the script on this site:
https://www.thecodeasylum.com/testing-ssl-and-tls-with-powershell/

(Remember to change the DNS name on the last line in the script.)

And you can check what ciphers you have enabled using the powershell command:

Get-TlsCipherSuite | Format-Table Name

Even TLS 1.2 can have weak ciphers enabled.

rusanov_eduard · ‎2020-05-23

You can still check with nmap for Windows. Latest stable release self-installer: nmap-7.80-setup.exe

Immediately shows the protocols used, security level of cyphers, recommendations for unsafe cyphers.

1.Run cmd.

2.cd nmap.

3. run command: nmap -script ssl-enum-ciphers -p 443 your_host.com

TLS 1.3 for Qlik Sense?

Security

SSL

TLS