QlikView 12.70 SR1 introduces the possibility of disabling RC4.
This will require applying a change to the QlikView Management Service and QlikView WebServer’s config settings and the QlikView Server's settings.ini.
This will also require applying a change to every client that needs to use the Open In Server (QlikView Desktop) functionality and for every client that uses the IE-Plugin on Microsoft Edge (Internet Explorer is no longer supported).
Note: Clients using only AJAX (browser) or only opening local files (QlikView Desktop) will not require a setting change.
LIMITATION: disabling RC4 is currently not supported if QlikView Desktop or the IE-Plugin are running on Windows 2022.
On all nodes, stop the QlikView WebServer (or Setting Service) and QlikView Management Service
Take a backup copy of the QVManagementService.exe.config (under C:\Program Files\QlikView\Management Service) and the QVWebServer.exe.config (under C:\Program Files\QlikView\Server\Web Server) config files
Using a text editor with administrator permissions, edit the two above-mentioned config files
Change ”true” in the line <add key="EnableRC4" value="true" /> --> to ”false”
Save the files and close
Restart the services
Further server-side changes (only needed for "Open in Server" and "IE-plugin"):
On all nodes, stop the QlikView Server (QVS.exe) service
Change the line SessionAlgorithm=Legacy to SessionAlgorithm=CALG_AES_128
Save the file and close
Relaunch the client or browser
IMPORTANT: when using the IE-plugin or "Open In Server" the server and the clients will need to run on the same SessionAlgorithm, either Legacy (RC4 enabled) or CALG_AES_128 (RC4 disabled). Using different algorithms will break the connectivity between a client and a server. AJAX is not affected by this and does not require client-side changes. Changes are also not required if a Desktop client is only used to open local files (no connection to QVS).