Alteryx Server Knowledge Base

Definitive answers from Server experts.

Restricting Gallery SSL protocols and cipher suites FAQ

EricWe
Alteryx
Alteryx
Created
Restricting Gallery SSL protocols and cipher suites FAQ

How do I restrict SSL protocols and cipher suites used to access the Gallery?

Alteryx does not put restrictions on the SSL cipher suites that can be utilized to access the Gallery. With proper SSL configuration, you can restrict the protocols the Gallery server will accept via Schannel settings on the server. This is possible because Alteryx uses HTTP.sys on the Windows server to run the Gallery.

Alteryx Server leverages the Windows Schannel cryptographic provider for cipher negotiation. Disabling individual ciphers or cipher suites can be accomplished via Schannel SSP settings, for example, via GPO (Computer Configuration->Administrative Templates->Network->SSL Configuration Settings->SSL Cipher Suite order). They can also be disabled with PowerShell, using cmdlets from the TLS module with this syntax: Disable-Tls-CipherSuite -Name “Cipher_Suite_Name”. 

You can check the SSL protocols and cipher suites that are currently enabled on your web browser by going to: https://www.ssllabs.com/ssltest/viewMyClient.html. This website also has sections to check other browser versions, vulnerabilities, and Mixed Content Handling.

There is a free tool for the administration of protocols, ciphers, hashes, and key exchange algorithms on Windows. You can also reorder SSL protocols and cipher suites. The download is available at https://www.nartac.com/Products/IISCrypto. It includes a Best Practice button that is a good place to start, and further restrictions can be selected if needed.

To configure SSL and TLS settings directly in the registry keys, see Microsoft’s article Transport Layer Security (TLS) registry settings.

What if I just want to disable SSL 2.0/3.0? 

If you are just interested in disabling SSL 2.0/3.0, Microsoft has an article on it as a security bulletin Microsoft Security Advisory 3009008. Look for the Disable SSL 3.0 in Windows section.

Additional Resources

Cipher Suites in TLS/SSL (Schannel SSP)
Configuring TLS Cipher Suite Order
Restrict the use of certain cryptographic algorithms and protocols in Schannel.dll
No ratings