It doesn't seems to be related to Qlik Sense or the Proxy, It seems to be something related to the type of form you made the certificate and Chrome:
ssl - IIS TLS Certificate - Chrome says we are using "obsolete cryptography" - Stack Overflow
Useful link! And in there is another reference to a rather technical page about TLS:
"Obsolete Cipher Suites
You may see: “Your connection to example.com is encrypted with obsolete cryptography.”
This means that the connection to the current website is using an outdated cipher suite (which Chrome still allows if the server insists on it).
In order for the message to indicate “modern cryptography”, the connection should use forward secrecy and either AES-GCM or CHACHA20_POLY1305. Other cipher suites are known to have weaknesses. Most servers will wish to negotiate TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256."
Still a bit confused if, and how, I could solve this for all Chrome users using Qlik. Either by:
- Setting security less strict (is it safe?). Probably a separate setting for each computer
- Changing something in Qlik
- Doing something with the existing or a new (type) of certificate
Indeed. I have had an internal discussion with our IT department, and had contact with Qlik Support. I now understand the situation better, and more importantly: I have enough confidence there is no immediate security risk.
Some additional info that might be relevant for others with the same situation/questions:
- Once Qlik is made available outside our company domain the F5 (load balancer) will probably be able to provide additional SSL/HTTPS security configurations. Then this issue deserves a closer look and further investigation/action on how to handle/block TLS1.0 requests.
- There is no explicit way to configure Sense into blocking certain request types (e.g. TLS1.0).
- Browser, OS and .NET framework influence what cryptography systems use. Smart thing to keep them all updated.
- No immediate security risk, when TLS 1.0 is used.
- I updated the OS and browser version on the machines that used to show a red-lock-indicator, and they now indicate a reassuring green-lock-indicator. The notification about obsolete cryptography is accepted as this moment.