Skip to main content
Announcements
Have questions about Qlik Connect? Join us live on April 10th, at 11 AM ET: SIGN UP NOW

Qlik NPrinting Engine connection stays offline on February 2019 release and newer - RabbitMQ log shows "Insufficient Security no_suitable_ciphers"

No ratings
cancel
Showing results for 
Search instead for 
Did you mean: 
Sonja_Bauernfeind
Digital Support
Digital Support

Qlik NPrinting Engine connection stays offline on February 2019 release and newer - RabbitMQ log shows "Insufficient Security no_suitable_ciphers"

Last Update:

Apr 12, 2022 5:45:23 AM

Updated By:

Sonja_Bauernfeind

Created date:

May 13, 2019 2:53:41 AM

Qlik NPrinting April February 2019 SR1 and April 2019 server & engine could be installed successfully, however the engine connection located in the Qlik NPrinting engine manager shows an engine with an offline status.

Check all Qlik NPrinting logs for any 'WebSocket' errors. See example below:

"WebSocket connection to 'wss://localhost:2727/app/4857231c-57 <others logs> net::ERR_CONNECTION_CLOSED, source"
 

In the logfile of RabbitMQ normally located here C:\ProgramData\NPrinting\RabbitMQ\log following entry can be found repeatedly:

"TLS server: In state hello at tls_handshake.erl:197 generated SERVER ALERT: Fatal - Insufficient Security - no_suitable_ciphers"
 


Environments:

Qlik NPrinting, February 2019 SR1 and newer versions running on RabbitMQ 3.7.10

 

Resolution:


RabbitMQ 3.7.10 (Qlik NPrinting Messaging Service) supports the following list of 36 cipher suites for the TLS version 1.2:

Note: For latest information see TLS cipher suites - Qlik NPrinting 

TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384
TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384
TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
TLS_DHE_DSS_WITH_AES_256_GCM_SHA384
TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256
TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256
TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
TLS_DHE_DSS_WITH_AES_128_GCM_SHA256
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
TLS_DHE_DSS_WITH_AES_128_CBC_SHA256
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
TLS_DHE_RSA_WITH_AES_256_CBC_SHA
TLS_DHE_DSS_WITH_AES_256_CBC_SHA
TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
TLS_DHE_RSA_WITH_AES_128_CBC_SHA
TLS_DHE_DSS_WITH_AES_128_CBC_SHA
TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
TLS_ECDH_RSA_WITH_AES_128_CBC_SHA

This cipher suites list is valid from February 2019 SR1 and higher.

To resolve this issue, at least one of these cipher suites needs to be enabled on all of the following servers:

  • Qlik NPrinting server
  • Each NPrinting Engine computer connected to the NPrinting server computer.
  • Each Qlik Sense server that the NPrinting server connects to

Note: The cipher suites enabled should be consistent across all machines mentioned above

Note: Cipher suites may be updated in the future following an Erlang upgrade as some new cipher suites could be added and or be removed due to deprecation or for security reasons. 

To verify cipher suites support for the RabbitMQ version, use the the batch script located at %ProgramFiles%\NPrintingServer\rabbitmq_server-3.7.10\sbin\rabbitmq-diagnostics.bat:

-Open an administrator command prompt
-Change directory 
CD C:\Program Files\NPrintingServer\rabbitmq_server-3.7.10\sbin
-Use the following command:
rabbitmq-diagnostics cipher_suites --openssl-format -q


Example: 

CD C:\Program Files\NPrintingServer\rabbitmq_server-3.7.10\sbin
rabbitmq-diagnostics cipher_suites --openssl-format -q


More information on this is available in https://www.rabbitmq.com/ssl.html#cipher-suites

To Verify Cipher Suites on Qlik Sense server:

Internal Investigation IDs:

  • OP-8617
  • HLP-5114: Documentation improvement in order to have this information documented in our help page.
Version history
Last update:
‎2022-04-12 05:45 AM
Updated by: