Analyzing Qlik Sense endpoints, using for example https://www.ssllabs.com/ssltest/analyze.html, may report the following:
- The site being vulnerable to POODLE attacks and insecure renegotiation
- Certificates using SHA1 instead of SHA256 as the signature hash algorithm
Qlik Sense All
The security in Qlik Sense does not depend only on the Qlik Sense software. It also relies on the security of the environment that Qlik Sense operates in. This means that the security of, for example, the operating system and the cryptographic protocols (such as TLS/SSL) has to be set up and configured to provide the security needed for Qlik Sense.
Mitigate POODLE attack
To mitigate POODLE attacks, one step is to completely disable SSLv3.0 on the server.
This can be done at the OS level; see Microsoft Security Advisory 3009008 for more instructions on how to accomplish this and the impact of doing so.
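The following PowerShell script is an added example, not code from Qlik or from the advisory. It reports the current Schannel SSL 3.0 server setting and, with `-Disable`, records the original state before setting `Enabled` to 0. The registry path is the standard Schannel protocol key documented by Microsoft; the function name `Get-Ssl3ServerState` and the backup file name are assumptions made for this example.

```powershell
[CmdletBinding(SupportsShouldProcess)]
param(
    [switch]$Disable,                                    # without this switch the script only reports
    [string]$BackupPath = '.\schannel-ssl3-backup.json'  # assumed location for the revert record
)

# Schannel protocol key for the server role (inbound connections, the side an endpoint scan sees).
$key = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Server'

function Get-Ssl3ServerState {
    # A missing key or value means nothing is configured and the OS default applies.
    $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    $enabled = if ($props) { $props.Enabled } else { $null }
    $byDefault = if ($props) { $props.DisabledByDefault } else { $null }

    $state = 'NotConfigured (OS default applies)'
    if ($null -ne $enabled) {
        # Any non-zero DWORD (1 or 0xffffffff) counts as enabled.
        if ($enabled -eq 0) { $state = 'Disabled' } else { $state = 'Enabled' }
    }

    [pscustomobject]@{
        KeyExists         = Test-Path -Path $key
        Enabled           = $enabled
        DisabledByDefault = $byDefault
        State             = $state
    }
}

$before = Get-Ssl3ServerState
$before | Format-List

if ($Disable -and $PSCmdlet.ShouldProcess($key, 'Set Enabled = 0 (disable SSL 3.0, server role)')) {
    # Save the original values first so the change can be reverted if other software breaks.
    $before | ConvertTo-Json | Set-Content -Path $BackupPath -Encoding UTF8

    # Create the key only when it is absent, so existing values under it are left untouched.
    if (-not (Test-Path -Path $key)) {
        New-Item -Path $key -Force | Out-Null
    }
    New-ItemProperty -Path $key -Name Enabled -Value 0 -PropertyType DWord -Force | Out-Null

    Get-Ssl3ServerState | Format-List
    Write-Warning 'Restart the server for the change to take effect, then re-test the endpoint.'
}
```

Run it from an elevated prompt; adding `-WhatIf` to `-Disable` shows the intended change without writing to the registry.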
Insecure renegotiation may be mitigated by disabling renegotiation. This can be done at the OS level by adding the following Windows registry key:
R&D have provided the following if the above is not successful:
Schannel settings (Secure Channel) and that a Windows Administrator should configure it to meet their requirements.
Note: Any changes at the OS level must be thoroughly tested as they may cause other software to no longer function as expected, or clients may be unable to communicate with the server. If any side effects are experienced, the changes should be reverted to the original settings.