Versions previous to April 2018 do not honour selected TLS version on Windows Server. This will most likely show in an external port scan where certain ports are shown to be accepting TLS 1.0 & 1.1 despite them being disabled.
9090 (DownloadPrep)
9098 (On-demand App Service)
9080 (Web extension Service)
Environment:
Qlik Sense April 2018 and higher.
Resolution:
After R&D made changes to be active in April 2018 and above, a client will be able to edit and create registry entries to disable SSL 3.0, TLS 1.0, and 1.1 via the registry and have them honoured in external port scans.
This may not be all that is required, but these should be first steps with their Windows Security team, who should discuss other Windows Server changes.
Please see the attached zip called "Disable SSL PowerShell".
Note: Qlik does NOT support the configuration or implementation of non-Qlik or Operating System related software. This script has been provided as-is intended to demonstrate a method for configuring the cryptographic protocols using Windows PowerShell. Administrators should consult with their internal Windows / Security / Compliance team(s) in order to determine how to configure their server(s).
These are Microsoft Scripts from this link for further information: https://docs.microsoft.com/en-us/windows-server/identity/ad-fs/operations/manage-ssl-protocols-in-ad...
