Solved: Re: Disabled TLS V1.0 and TLSV1.1 and Enable TLSV1... - Qlik Community

fkeuroglian · ‎2019-12-12

Hi Expert

I want to know if there is any process to Disabled TLS V1.0 and TLSV1.1 and Enable TLSV1.2 in QlikSense September 2018 version or in higher version?

Thanks a Lot

Fernando

Levi_Turner · ‎2019-12-13

> 1) Could be that some early versions of qliksense server doesn not allow to this change? (example Qliksense Server 3.1)

Potentially. See https://support.qlik.com/articles/000008695 for guidance on versions.

> 2) Apart to change in the registry of windows, i have to do some aditional changes in the qmc?

No, there are no changes needed on the Qlik Sense side. A reboot of the OS is required for Windows to register the activation / deactivation of cipher suites / protocols.

> 3) is an recomendation to enable the tls1.2 and disable the others?

This is something that we as a vendor are agnostic on. Exclusive TLS 1.2 use is encouraged generally for web apps, but organizations can vary on what they can support. We would encourage using the most robust protocols and cipher suites that we support and that meet the dependencies for the organization. For example if, for some reason, you need to support Windows XP machines (https://blogs.msdn.microsoft.com/kaushal/2011/10/02/support-for-ssltls-protocols-on-windows/) you aren't apt to be able to use TLS 1.2 only. I'm sure the same is true for mobile devices.

Most organizations have guidelines for this across all apps that they use / support, so checking with the individual organization is ideal.

View solution in original post

Levi_Turner · ‎2019-12-12

This is a Windows Operating System configuration, rather than a Qlik Sense specific one.

I'd encourage consulting with your organization to see if there are gold standard scripts to handle things, but if you're on your own you can leverage a tool like IISCrypto to set things appropriately in the Windows registry.

Cheers

fkeuroglian · ‎2019-12-13

Levi how are you? thanks for your reply

I know that it is an Operation system configuration, but:

1) Could be that some early versions of qliksense server doesn not allow to this change? (example Qliksense Server 3.1)

2) Apart to change in the registry of windows, i have to do some aditional changes in the qmc?

3) is an recomendation to enable the tls1.2 and disable the others?

Thanks a lot!

Fernando

Levi_Turner · ‎2019-12-13

> 1) Could be that some early versions of qliksense server doesn not allow to this change? (example Qliksense Server 3.1)

Potentially. See https://support.qlik.com/articles/000008695 for guidance on versions.

> 2) Apart to change in the registry of windows, i have to do some aditional changes in the qmc?

No, there are no changes needed on the Qlik Sense side. A reboot of the OS is required for Windows to register the activation / deactivation of cipher suites / protocols.

> 3) is an recomendation to enable the tls1.2 and disable the others?

This is something that we as a vendor are agnostic on. Exclusive TLS 1.2 use is encouraged generally for web apps, but organizations can vary on what they can support. We would encourage using the most robust protocols and cipher suites that we support and that meet the dependencies for the organization. For example if, for some reason, you need to support Windows XP machines (https://blogs.msdn.microsoft.com/kaushal/2011/10/02/support-for-ssltls-protocols-on-windows/) you aren't apt to be able to use TLS 1.2 only. I'm sure the same is true for mobile devices.

Most organizations have guidelines for this across all apps that they use / support, so checking with the individual organization is ideal.

fkeuroglian · ‎2019-12-13

Levi, totally clear!

Thanks a lot

Fernando

Disabled TLS V1.0 and TLSV1.1 and Enable TLSV1.2

Network

Qlik Sense

TLS