QOP Configuration Change Guidelines - Analytics Database - Teradata Vantage

Security Administration

Deployment
VantageCloud
VantageCore
Edition
Enterprise
IntelliFlex
VMware
Product
Analytics Database
Teradata Vantage
Release Number
17.20
Published
June 2022
Language
English (United States)
Last Update
2023-11-02
dita:mapPath
hjo1628096075471.ditamap
dita:ditavalPath
qkf1628213546010.ditaval
dita:id
zuy1472246340572
lifecycle
latest
Product Category
Teradata Vantage™
  • The system attempts to use the first DEFAULT QOP listed, but tries others if the first QOP does not work. For example, Java clients do not support encryption stronger than AES-128 without installation of a special security policy package, and will use AES-128 regardless of what QOP is listed first.

    To allow Java clients to use stronger encryption, download the JAVA Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files and copy the jar files to the JRE home/lib/security directory.

  • You can delete QOPs from the DEFAULT QOP list to narrow the encryption options.
  • Changing the TDGSS configuration on a database system requires a tpareset, during which the database is temporarily unavailable. Plan to make QOP changes along with other TDGSS configuration changes to minimize downtime.
  • Guidelines for Galois/Counter Mode (GCM) and Counter with Cipher Block Chaining-MAC (CCM):
    • GCM and CCM are authenticated encryption modes.
    • GCM mode is supported in Java 1.8 and later.
    • CCM mode is not supported in Java.