Are Qlik Replicate Instances non-PCI Compliant?

Dana_Baldwin
Support
Last Update: Feb 10, 2023 7:38:07 AM

Updated By: Sonja_Bauernfeind

Created date: Feb 8, 2023 1:27:05 PM

A security scan may report that Qlik Replicate instances are non-PCI compliant due to weak SSL ciphers on ports 443, 3389 and 3552.

Out of these ports, 443 and 3552 are used by Qlik. Port 3389 is RDP.

 

Environment

 

Resolution

The security of Qlik products does not depend only on the Qlik software. It also relies on the security of the environment that, in this case, Qlik Replicate operates in. This means that the security of, for example, the operating system and the cryptographic protocols (such as TLS/SSL) has to be set up and configured to provide the security needed for Qlik Replicate.

Qlik cannot offer advice on how to configure Windows to disable certain ciphers which customer security guidelines forbid.

For information on how to mitigate these reports, please see: https://learn.microsoft.com/en-us/windows-server/security/tls/tls-registry-settings.

Lucky 13 and Sweet 32 are the versions which are not compliant for port 3552.

Lucky-13 (https://crashtest-security.com/prevent-ssl-lucky13/) and Sweet-32 (https://crashtest-security.com/prevent-ssl-sweet32/) are not versions, nor are they ciphers that Replicate uses on port 3552. They are old vulnerabilities (5Y+) that are either mitigated in the version of OpenSSL currently used in Qlik Replicate (with its cipher selection) or are otherwise impractical or irrelevant in the way Qlik Replicate works.
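To separate which scan findings belong to which port, the following added example (not Qlik's or the article's own code) triages cipher-enumeration output by port and flags the suite names a scanner associates with Lucky-13 (CBC mode) and Sweet-32 (64-bit block ciphers). It assumes output in the layout of nmap's ssl-enum-ciphers script; the sample scan text is constructed, and `classify` and `triage` are hypothetical helper names. A flagged name only shows that the suite is offered, not that the implementation behind it is unmitigated.

```python
import re
# Port ownership as stated in the article; any other port is "unknown".
PORT_OWNER = {443: "Qlik", 3552: "Qlik", 3389: "RDP"}

# Constructed sample in the layout of nmap's ssl-enum-ciphers output.
SAMPLE_SCAN = """\
443/tcp  open  https
| ssl-enum-ciphers:
|   TLSv1.2:
|     ciphers:
|       TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (secp256r1) - A
|       TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (secp256r1) - A
3389/tcp open  ms-wbt-server
| ssl-enum-ciphers:
|   TLSv1.2:
|     ciphers:
|       TLS_RSA_WITH_3DES_EDE_CBC_SHA (rsa 2048) - C
3552/tcp open  unknown
| ssl-enum-ciphers:
|   TLSv1.2:
|     ciphers:
|       TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (secp256r1) - A
"""

def classify(suite):
    """Map an IANA suite name to the finding classes a scanner raises for it."""
    tokens = set(suite.upper().split("_"))
    findings = set()
    if "CBC" in tokens:  # CBC MAC-then-encrypt suites: Lucky-13 class
        findings.add("Lucky13")
    if tokens & {"3DES", "DES", "DES40", "IDEA", "RC2"}:  # 64-bit blocks: Sweet-32
        findings.add("Sweet32")
    return findings

def triage(scan_text):
    """Return {port: {"owner": str, "flagged": {suite: findings}}}."""
    report, port = {}, None
    for line in scan_text.splitlines():
        head = re.match(r"(\d+)/tcp\s+open", line)
        suite = re.match(r"\|\s+(TLS_[A-Z0-9_]+)\b", line)
        if head:
            port = int(head.group(1))
            report[port] = {"owner": PORT_OWNER.get(port, "unknown"), "flagged": {}}
        elif suite and port is not None and classify(suite.group(1)):
            report[port]["flagged"][suite.group(1)] = classify(suite.group(1))
    return report

if __name__ == "__main__":
    for port, info in triage(SAMPLE_SCAN).items():
        print(port, info["owner"], info["flagged"] or "no CBC or 64-bit suites offered")
```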
