Qlik Community

Qlik Sense Deployment & Management

vinaykasireddy
New Contributor

Secure Ark findings says Qlik sense still allowing SSL 3.0 connections

Hi. We are using Qlik Sense November 2017 edition (11.24.1) installed on Windows Server 2016. Recently, during a security audit, SecureArk scans showed that Qlik Sense is still allowing SSL 3.0 connections over ports 443, 4242, 4899, 5050 and 5151. We are very much sure we disabled all the protocols except TLS 1.2. We restarted the servers, but the scan results still find that SSL 3.0 connections are passing through. The client is not allowing us to pass the report unless there is a proper justification. Can someone shed light on why Qlik Sense is still allowing protocols that are already disabled?

Attached is the screenshot of the SecureArk findings.

1 Reply
Employee

Re: Secure Ark findings says Qlik sense still allowing SSL 3.0 connections

How were those protocols disabled? Because Qlik Sense Enterprise just inherits the available protocols / cipher suites from the Windows OS.

What are the settings for this registry path:

  • HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Client
  • HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Server

I'd encourage consulting with your organization to see if there are gold standard scripts to handle things, but if you're on your own you can leverage a tool like IISCrypto to set things appropriately in the Windows registry.
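A read-only way to answer the registry question in the reply above, added here as an example (it is not from the thread's participants or from Qlik). It reads the standard Schannel `Enabled` and `DisabledByDefault` values under the path quoted in the reply; checking SSL 2.0 and TLS 1.0 to 1.2 alongside SSL 3.0 is an assumption that goes beyond the two keys named there.

```powershell
# Added example: read-only audit of the SCHANNEL protocol keys. Makes no changes.
# Run in an elevated PowerShell session on each Qlik Sense node.
$base      = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols'
$protocols = 'SSL 2.0', 'SSL 3.0', 'TLS 1.0', 'TLS 1.1', 'TLS 1.2'   # assumed audit scope
$roles     = 'Client', 'Server'

$report = foreach ($protocol in $protocols) {
    foreach ($role in $roles) {
        $key               = "$base\$protocol\$role"
        $enabled           = $null
        $disabledByDefault = $null

        if (Test-Path -LiteralPath $key) {
            $props = Get-ItemProperty -LiteralPath $key
            # A value that is absent stays $null so it is not confused with 0.
            if ($props.PSObject.Properties['Enabled']) {
                $enabled = $props.Enabled
            }
            if ($props.PSObject.Properties['DisabledByDefault']) {
                $disabledByDefault = $props.DisabledByDefault
            }
        }

        # Only an explicit Enabled = 0 counts as disabled; anything else is reported as-is.
        $state = if ($null -eq $enabled) { 'Not set (OS default applies)' }
                 elseif ($enabled -eq 0) { 'Disabled' }
                 else                    { 'Enabled' }

        [pscustomobject]@{
            Protocol          = $protocol
            Role              = $role
            KeyExists         = (Test-Path -LiteralPath $key)
            Enabled           = $enabled
            DisabledByDefault = $disabledByDefault
            State             = $state
        }
    }
}

$report | Format-Table -AutoSize

# Flag legacy server-side protocols that are not explicitly turned off.
$report |
    Where-Object { $_.Role -eq 'Server' -and $_.Protocol -ne 'TLS 1.2' -and $_.State -ne 'Disabled' } |
    ForEach-Object { Write-Warning "$($_.Protocol) Server is '$($_.State)' on $env:COMPUTERNAME" }
```

Running this on every node of a multi-node site shows whether the server that answered the scan is the one where the protocols were actually disabled.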