Skip to main content
Announcements
Global Transformation Awards! Applications are now open. Submit Entry
cancel
Showing results for 
Search instead for 
Did you mean: 
fkeuroglian
Partner - Master
Partner - Master

Disabled TLS V1.0 and TLSV1.1 and Enable TLSV1.2

Hi Expert

I want to know if there is any process to Disabled TLS V1.0 and TLSV1.1 and Enable TLSV1.2 in QlikSense September 2018 version or in higher version?

 

Thanks a Lot

Fernando

Labels (2)
1 Solution

Accepted Solutions
Levi_Turner
Employee
Employee

> 1) Could be that some early versions of qliksense server doesn not allow to this change? (example Qliksense Server 3.1)

Potentially. See https://support.qlik.com/articles/000008695 for guidance on versions.

> 2) Apart to change in the registry of windows, i have to do some aditional changes in the qmc?

No, there are no changes needed on the Qlik Sense side. A reboot of the OS is required for Windows to register the activation / deactivation of cipher suites / protocols.

> 3) is an recomendation to enable the tls1.2 and disable the others?

This is something that we as a vendor are agnostic on. Exclusive TLS 1.2 use is encouraged generally for web apps, but organizations can vary on what they can support. We would encourage using the most robust protocols and cipher suites that we support and that meet the dependencies for the organization. For example if, for some reason, you need to support Windows XP machines (https://blogs.msdn.microsoft.com/kaushal/2011/10/02/support-for-ssltls-protocols-on-windows/) you aren't apt to be able to use TLS 1.2 only. I'm sure the same is true for mobile devices.

Most organizations have guidelines for this across all apps that they use / support, so checking with the individual organization is ideal.

View solution in original post

4 Replies
Levi_Turner
Employee
Employee

This is a Windows Operating System configuration, rather than a Qlik Sense specific one.

I'd encourage consulting with your organization to see if there are gold standard scripts to handle things, but if you're on your own you can leverage a tool like IISCrypto to set things appropriately in the Windows registry.

Cheers

fkeuroglian
Partner - Master
Partner - Master
Author

Levi how are you? thanks for your reply

I know that  it is an Operation system configuration, but:

 

1) Could be that some early versions of qliksense server doesn not allow to this change? (example Qliksense Server 3.1)

2) Apart to change in the registry of windows, i have to do some aditional changes in the qmc?

3) is an recomendation to enable the tls1.2 and disable the others?

 

Thanks a lot!

 

Fernando

 

Levi_Turner
Employee
Employee

> 1) Could be that some early versions of qliksense server doesn not allow to this change? (example Qliksense Server 3.1)

Potentially. See https://support.qlik.com/articles/000008695 for guidance on versions.

> 2) Apart to change in the registry of windows, i have to do some aditional changes in the qmc?

No, there are no changes needed on the Qlik Sense side. A reboot of the OS is required for Windows to register the activation / deactivation of cipher suites / protocols.

> 3) is an recomendation to enable the tls1.2 and disable the others?

This is something that we as a vendor are agnostic on. Exclusive TLS 1.2 use is encouraged generally for web apps, but organizations can vary on what they can support. We would encourage using the most robust protocols and cipher suites that we support and that meet the dependencies for the organization. For example if, for some reason, you need to support Windows XP machines (https://blogs.msdn.microsoft.com/kaushal/2011/10/02/support-for-ssltls-protocols-on-windows/) you aren't apt to be able to use TLS 1.2 only. I'm sure the same is true for mobile devices.

Most organizations have guidelines for this across all apps that they use / support, so checking with the individual organization is ideal.

fkeuroglian
Partner - Master
Partner - Master
Author

Levi, totally clear!

Thanks a lot

Fernando