Cipher Suite and Overriding Config File | SQL Engine 17.10 | Teradata Vantage - Cipher Suites and Overriding the Configuration File - Advanced SQL Engine - Teradata Database

Security Administration

Product
Advanced SQL Engine
Teradata Database
Release Number
17.10
Published
July 2021
Language
English (United States)
Last Update
2022-02-15
dita:mapPath
ppz1593203596223.ditamap
dita:ditavalPath
wrg1590696035526.ditaval
dita:id
B035-1100
lifecycle
previous
Product Category
Teradata Vantageā„¢

The gateway TLS configuration file contains the configured cipher suites from which the gateway parses and loads the secure cipher suites. The configuration file is in standard OpenSSL format.

The configuration file is located here: /usr/tgtw/etc/gtwtls.cfg.

To override the settings to add or remove ciphers, copy and paste the configuration file into a local file called /usr/tgtw/etc/localgtwtls.cfg and make your edits there.

The default cipher suite list contains the following ciphers:

  • TLS_AES_256_GCM_SHA384
  • TLS_CHACHA20_POLY1305_SHA256
  • TLS_AES_128_GCM_SHA256
  • ECDHE-ECDSA-AES256-GCM-SHA384
  • ECDHE-RSA-AES256-GCM-SHA384
  • DHE-RSA-AES256-GCM-SHA384
  • ECDHE-ECDSA-CHACHA20-POLY1305
  • ECDHE-RSA-CHACHA20-POLY1305
  • DHE-RSA-CHACHA20-POLY1305
  • ECDHE-ECDSA-AES128-GCM-SHA256
  • ECDHE-RSA-AES128-GCM-SHA256
  • DHE-RSA-AES128-GCM-SHA256
  • AES256-GCM-SHA384
  • AES128-GCM-SHA256