This site uses different types of cookies, including analytics and functional cookies (its own and from other sites). To change your cookie settings or find out more, click here. If you continue browsing our website, you accept these cookies.
Restricting Gallery SSL protocols and cipher suites FAQ
How do I restrict SSL protocols and cipher suites used to access the Gallery?
Alteryx does not put restrictions on the SSL cipher suites that can be utilized to access the Gallery. With proper SSL configuration, you can restrict the protocols the Gallery server will accept via Schannel settings on the server. This is possible because Alteryx uses HTTP.sys on the Windows server to run the Gallery.
Alteryx Server leverages the Windows Schannel cryptographic provider for cipher negotiation. Disabling individual ciphers or cipher suites can be accomplished via Schannel SSP settings, for example, via GPO (Computer Configuration->Administrative Templates->Network->SSL Configuration Settings->SSL Cipher Suite order). They can also be disabled with PowerShell, using cmdlets from the TLS module with this syntax: Disable-Tls-CipherSuite -Name “Cipher_Suite_Name”.
You can check the SSL protocols and cipher suites that are currently enabled on your web browser by going to: https://www.ssllabs.com/ssltest/viewMyClient.html. This website also has sections to check other browser versions, vulnerabilities, and Mixed Content Handling.
There is a free tool for the administration of protocols, ciphers, hashes, and key exchange algorithms on Windows. You can also reorder SSL protocols and cipher suites. The download is available at https://www.nartac.com/Products/IISCrypto. It includes a Best Practice button that is a good place to start, and further restrictions can be selected if needed.