Skip to main content

Qlik

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Adding Cipher Suite for Qlik Data Transfer on Windows 2012 R2

No ratings
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Benoit_C
Support
Support

Adding Cipher Suite for Qlik Data Transfer on Windows 2012 R2

Last Update:

Jun 29, 2023 3:05:10 AM

Updated By:

Sonja_Bauernfeind

Created date:

Jul 2, 2021 10:53:10 AM

All the steps below need to be performed by Windows Administrator on Windows level. These steps are not supported by Qlik Support. Consult Windows Support before proceeding.

Warning: This change can negatively affect NPrinting. NPrinting should not be installed on the same machine as Qlik Data Transfer. 

See the following article for Cipher Suite Requirements: Cipher Suite Requirements

To add the required Cipher Suite:

  1. In the Windows server, open gpedit.msc and click on Enabled for Computer Configuration

  2. Expand Administrative Templates

  3. Expand Network  and SSL Configuration Settings -

  4. Open SSL Cipher Suite Order

  5. Copy past in the below to the Options field:
    The Ciphers in this list include the needed Cipher for QDT May SR1 + the Cipher already present in our standard Windows 2012 R2 machine.

    Generic weak Ciphers have already been removed from the list, but if you are looking for additional information on how Ciphers can be enabled/disabled, see Disabling Weak Cipher suites for TLS 1.2 on a Windows machine running Qlik Sense Enterprise on Windo....
    TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_RC4_128_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_AES_128_GCM_SHA256,TLS_RSA_WITH_RC4_128_SHA,TLS_RSA_WITH_RC4_128_MD5,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_3DES_EDE_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256

     

  6. Click Apply and OK.

  7. (Important) Restart the server.

The Cipher Suites will now be correctly listed:

cipher.png

 

 

The information in this article is provided as-is and to be used at own discretion. Depending on tool(s) used, customization(s), and/or other factors ongoing support on the solution below may not be provided by Qlik Support.

 

Environment:

Qlik DataTransfer 

Qlik DataTransfer
Qlik DataTransfer
Labels (2)
14,610 Views
Was this article helpful? Yes No
Comments
Fred
Partner - Creator
Partner - Creator
‎2022-03-06 10:54 AM

Hi @Benoit_C ,

Can you elaborate a bit on the NPrinting impact?
You say this can negatively impact NPrinting, but are we talking performance-wise or functionality-wise?

In this article, you also state that NPrinting should not be installed on the same machine as QDT.
I cannot find this on the Qlik Help & QDT System Requirements?
Is this a hard requirement?

Thanks.

Benoit_C
Support
Support
‎2022-03-07 03:49 AM

Hi @Fred,

If you do use Qlik Data Transfer in a Production server we recommend to have a dedicated server for it.

 

For the NPrinting impact with Windows 2012, Qlik Data Transfer doesn't need the same Cipher than Nprinting, that's why we've put the warning.

For Qlik Data Transfer:

https://help.qlik.com/en-US/cloud-services/Subsystems/Hub/Content/Sense_Hub/QlikDataTransfer/install...


For NPrinting:


https://help.qlik.com/en-US/nprinting/May2021/Content/NPrinting/DeployingQVNprinting/TLS-cipher-suit...

 

thiago_tsds
Contributor II
Contributor II
‎2022-04-29 02:27 PM

Guys
There is a dot '.' after MD5.
Replace with ','

TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_RC4_128_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_AES_128_GCM_SHA256,TLS_RSA_WITH_RC4_128_SHA,TLS_RSA_WITH_RC4_128_MD5,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_3DES_EDE_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256

Benoit_C
Support
Support
‎2022-05-02 01:59 AM

Corrected, thanks @thiago_tsds 

afujikawa
Partner - Creator
Partner - Creator
‎2023-06-29 12:22 AM

Hi @Benoit_C,

https://help.qlik.com/en-US/cloud-services/Subsystems/Hub/Content/Sense_Hub/QlikDataTransfer/install...
The above help includes the following statement.
"For instructions for updating the TLS Cipher Suite in your system or to disable weak ciphers in the Qlik DataTransfer environment, see the following community article:"
The link is to this article.

Screenshot 2023-06-29 at 130756.png

 

However, I don't think this article contains the steps to disable weak ciphers.
Could you tell me the steps to disable weak ciphers?

Thanks.

Benoit_C
Support
Support
‎2023-06-29 02:39 AM

Hi @afujikawa,

I believe you are looking for the below article:
https://community.qlik.com/t5/Official-Support-Articles/Disabling-Weak-Cipher-suites-for-TLS-1-2-on-...

Regards,
Benoit

Sonja_Bauernfeind
Digital Support
Digital Support
‎2023-06-29 03:08 AM

Hello @afujikawa 

We've updated the article to add clarity. The Cipher suites listed in this article are sufficient and already do not include known weak ones. It should be all you need to get started. If, however, you need more details on reviewing the Cipher suites, I added a link to the article that Benoit mentioned.

Though we of course also recommend Windows documentation itself, as this will provide you with more in-depth explanations. What you need to remember are the Ciphers the Data Gateway needs when you start planning what to disable; otherwise, you'll be good to go.

All the best,
Sonja 

afujikawa
Partner - Creator
Partner - Creator
‎2023-07-18 02:08 AM

Hi @Benoit_C @Sonja_Bauernfeind 

Thanks for the quick reply.
Sorry for the late reply.
I understood the following.

1. If Qlik DataTransfer May 2021 or later is used on Windows Server 2012 R2, it is necessary to do the steps in this article.
2. "The Cipher suites listed in this article are sufficient and already do not include known weak ones."
Therefore, disabling is not necessary.

Thanks.

Benoit_C
Support
Support
‎2023-07-18 02:39 AM

Hi @afujikawa, yes that's correct 👍

Version history
Last update:
‎2023-06-29 03:05 AM
Updated by:
Digital Support