Unlock a world of possibilities! Login now and discover the exclusive benefits awaiting you.
Jun 29, 2023 3:05:10 AM
Jul 2, 2021 10:53:10 AM
All the steps below need to be performed by Windows Administrator on Windows level. These steps are not supported by Qlik Support. Consult Windows Support before proceeding.
Warning: This change can negatively affect NPrinting. NPrinting should not be installed on the same machine as Qlik Data Transfer.
See the following article for Cipher Suite Requirements: Cipher Suite Requirements
The Ciphers in this list include the needed Cipher for QDT May SR1 + the Cipher already present in our standard Windows 2012 R2 machine.
Generic weak Ciphers have already been removed from the list, but if you are looking for additional information on how Ciphers can be enabled/disabled, see Disabling Weak Cipher suites for TLS 1.2 on a Windows machine running Qlik Sense Enterprise on Windo....
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_RC4_128_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_AES_128_GCM_SHA256,TLS_RSA_WITH_RC4_128_SHA,TLS_RSA_WITH_RC4_128_MD5,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_3DES_EDE_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
The Cipher Suites will now be correctly listed:
The information in this article is provided as-is and to be used at own discretion. Depending on tool(s) used, customization(s), and/or other factors ongoing support on the solution below may not be provided by Qlik Support.
Hi @Benoit_C ,
Can you elaborate a bit on the NPrinting impact?
You say this can negatively impact NPrinting, but are we talking performance-wise or functionality-wise?
In this article, you also state that NPrinting should not be installed on the same machine as QDT.
I cannot find this on the Qlik Help & QDT System Requirements?
Is this a hard requirement?
Thanks.
Hi @Fred,
If you do use Qlik Data Transfer in a Production server we recommend to have a dedicated server for it.
For the NPrinting impact with Windows 2012, Qlik Data Transfer doesn't need the same Cipher than Nprinting, that's why we've put the warning.
For Qlik Data Transfer:
https://help.qlik.com/en-US/cloud-services/Subsystems/Hub/Content/Sense_Hub/QlikDataTransfer/install...
For NPrinting:
Guys
There is a dot '.' after MD5.
Replace with ','
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_RC4_128_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_AES_128_GCM_SHA256,TLS_RSA_WITH_RC4_128_SHA,TLS_RSA_WITH_RC4_128_MD5,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_3DES_EDE_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
Corrected, thanks @thiago_tsds
Hi @Benoit_C,
https://help.qlik.com/en-US/cloud-services/Subsystems/Hub/Content/Sense_Hub/QlikDataTransfer/install...
The above help includes the following statement.
"For instructions for updating the TLS Cipher Suite in your system or to disable weak ciphers in the Qlik DataTransfer environment, see the following community article:"
The link is to this article.
However, I don't think this article contains the steps to disable weak ciphers.
Could you tell me the steps to disable weak ciphers?
Thanks.
Hi @afujikawa,
I believe you are looking for the below article:
https://community.qlik.com/t5/Official-Support-Articles/Disabling-Weak-Cipher-suites-for-TLS-1-2-on-...
Regards,
Benoit
Hello @afujikawa
We've updated the article to add clarity. The Cipher suites listed in this article are sufficient and already do not include known weak ones. It should be all you need to get started. If, however, you need more details on reviewing the Cipher suites, I added a link to the article that Benoit mentioned.
Though we of course also recommend Windows documentation itself, as this will provide you with more in-depth explanations. What you need to remember are the Ciphers the Data Gateway needs when you start planning what to disable; otherwise, you'll be good to go.
All the best,
Sonja
Hi @Benoit_C @Sonja_Bauernfeind
Thanks for the quick reply.
Sorry for the late reply.
I understood the following.
1. If Qlik DataTransfer May 2021 or later is used on Windows Server 2012 R2, it is necessary to do the steps in this article.
2. "The Cipher suites listed in this article are sufficient and already do not include known weak ones."
Therefore, disabling is not necessary.
Thanks.
Hi @afujikawa, yes that's correct 👍