Configuring preferred cipher suites for QlikView Server
You can rank the preferred cipher suites that Qlik License Service uses to encrypt and decrypt the signed key license.
The Qlik License Service is included in QlikView Server April 2019 and in later releases.
If your Qlik License Service is set up to use certificate service authentication, then it uses Mutual TLS Authentication (mTLS). This protocol ensures that requests coming from both the server and client are trusted. The Qlik License Service listens on port 9200.
The following list shows the supported cipher suites:
- TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
- TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
- TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA25
- TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
- TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305
- TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305
- TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
- TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
- TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
- TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
- TLS_RSA_WITH_AES_128_GCM_SHA256
- TLS_RSA_WITH_AES_256_GCM_SHA384
- TLS_RSA_WITH_AES_128_CBC_SHA
- TLS_RSA_WITH_AES_256_CBC_SHA
- TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
- TLS_RSA_WITH_3DES_EDE_CBC_SHA
To configure the preferred cipher suites for the Qlik License Service, do the following:
- Open the service.conf file.
The default path is %Program Files%\QlikView\ServiceDispatcher\service.conf. -
Go to the following section:
[license.parameters]
-qv-mode=true
-qv-auth-mode=cert -
Add a comma-separated list of ciphers to his section, as shown below:
[license.parameters]
-qv-mode=true
-cipher-suites=TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
-qv-auth-mode=cert - Save the file and close.
- Restart the QlikView Server Service Dispatcher, which handles execution of the Qlik License Service.
-
If you have a multi-node environment, repeat the steps above for each node.