ODBC driver supports the deterministic behavior from Teradata database for Prefer/Allow SSL mode. This enhances the utilization of port selection used for database connection. In the process of connecting to a Teradata database, ODBC driver receives information of which port (for example, HTTPS or TDMST) the database actively listens to. The deterministic behavior of SSLMode Prefer/Allow is dependent on the TLS setting of Teradata Gateway.
Below are the current available Teradata Gateway TLS settings:
disable
HTTPS port is disabled and TDMST port is enabled on the database side.
Under SSLMode=Allow or SSLMode=Prefer, ODBC driver consistently connects to the TDMST port or returns an error.
nolegacy
HTTPS port is enabled and TDMST port is disabled on the database side.
Under SSLMode=Allow or SSLMode=Prefer, ODBC driver consistently connects to the HTTPS port or returns an error.
require
Both TDMST and HTTPS ports are enabled on the database side.
SSLMode=Prefer, ODBC driver consistently connects to the HTTPS port or returns an error.
SSLMode=Allow, upon connecting to the database with TDMST port, the database would signal the driver that it requires a secured TLS connection. Hence, the driver falls back and consistently connects to the HTTPS port or returns an error.
enable (with TLS correctly configured)
Both TDMST and HTTPS ports are enabled on the database side.
SSLMode=Allow
ODBC driver only connects to the TDMST port or returns an error indicating that the TDMST port is enabled, but the driver fails to connect to it.
SSLMode=Prefer
ODBC driver only connects to the HTTPS port or returns an error indicating that the HTTPS port is enabled, but the driver fails to connect to it.
enable (without any TLS configured)
HTTPS port is disabled and TDMST port is enabled on the database side.
Under SSLMode=Allow or SSLMode=Prefer, ODBC driver consistently connects to the TDMST port or returns an error.
You can run the following commands to check or change the Teradata Gateway TLS setting:
- tdatcmd
- gtwcontrol -h
- gtwcontrol --TLS [disable|enable|require|nolegacy][,trace=yes|no|all]