Skip to main content Skip to complementary content
Qlik Resources
Announcements
Loading SearchUnify's search If you need assistance with your product, please contact Qlik Support.
Qlik Customer Portal
Loading SearchUnify's search If you need assistance with your product, please contact Qlik Support.
Qlik Customer Portal

Configuring preferred cipher suites for Qlik License Service in Qlik Sense Enterprise on Windows

You can rank the preferred cipher suites that Qlik License Service uses to encrypt and decrypt the signed key license.

The Qlik License Service is included in Qlik Sense Enterprise on Windows February 2020 and later releases.

The Qlik License Service uses Mutual TLS Authentication (mTLS) to ensure requests coming from both the server and client are trusted. The Qlik License Service listens on port 9200.

Information noteTLS 1.2 is supported since June 2017.

Supported cipher suites

The following cipher suites are supported by the Qlik License Service:

  • TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
  • TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
  • TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
  • TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
  • TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
  • TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
  • TLS_RSA_WITH_3DES_EDE_CBC_SHA
  • TLS_RSA_WITH_AES_128_CBC_SHA
  • TLS_RSA_WITH_AES_128_GCM_SHA256
  • TLS_RSA_WITH_AES_256_CBC_SHA
  • TLS_RSA_WITH_AES_256_GCM_SHA384

Configure preferred cipher suites

To configure the preferred cipher suites for the Qlik License Service, do the following: 

  1. Open the service.conf file.
    The default path is %Program Files%\Qlik\Sense\ServiceDispatcher\service.conf.

  2. Go to the following section:

    [licenses.parameters]
    -qsefw-mode
    -app-settings="..\Licenses\appsettings.json"

  3. Add a comma-separated list of ciphers to this section, as shown below:

    [licenses.parameters]
    -qsefw-mode
    -cipher-suites=TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
    -app-settings="..\Licenses\appsettings.json"
  4. Save the changes to the service.conf file and close it.
  5. Restart the Qlik Sense Service Dispatcher, which handles execution of the Qlik License Service.

  6. If you have a multi-node environment, repeat the steps above for each node.

Note on TLS 1.3 and cipher suites

If you are using Windows Server 2022 or higher, TLS 1.3 will be automatically used by the Qlik License Service when available. TLS 1.3 uses the following cipher suites:

  • TLS_AKE_WITH_AES_128_GCM_SHA256

  • TLS_AKE_WITH_AES_256_GCM_SHA384

  • TLS_AKE_WITH_CHACHA20_POLY1305_SHA256

You do not need to manually configure these ciphers, and they cannot be adjusted through the configuration file.

Did this page help you?

If you find any issues with this page or its content – a typo, a missing step, or a technical error – let us know how we can improve!

Leave your feedback here