TDGSS LdapClientTlsCipherSuite Property | Teradata Vantage - LdapClientTlsCipherSuite - Analytics Database - Teradata Vantage

Security Administration

Deployment
VantageCloud
VantageCore
Edition
Enterprise
IntelliFlex
VMware
Product
Analytics Database
Teradata Vantage
Release Number
17.20
Published
June 2022
Language
English (United States)
Last Update
2023-11-02
dita:mapPath
hjo1628096075471.ditamap
dita:ditavalPath
qkf1628213546010.ditaval
dita:id
zuy1472246340572
lifecycle
latest
Product Category
Teradata Vantage™

LdapClientTlsCipherSuite specifies the ciphers and cipher preference order that TDGSS accepts from OpenSSL, for use in the token exchange during directory user authentication.

Do not use this property without a full understanding of the effects of specifying a particular cipher. If you are not sure about the effect of this property, contact Teradata Support for assistance.

Valid Settings

Setting Description
"" (default) No ciphers are specified. Causes OpenLdap to use its default cipher suite.
A custom list of ciphers Consult OpenSSL documentation for cipher list requirements.

Editing Guidelines

  • To set a value, you must manually add this property to the TDGSS configuration file for the needed mechanisms. See Editing Configuration Files.
  • Before you configure this property, use the command openssl ciphers -v ALL to obtain a list of ciphers available from OpenSSL.
  • If you configure this property, use a colon-separated list of ciphers, in preference order. The list must be in accordance with OpenSSL documentation.
  • You can specify HIGH, MEDIUM, LOW, EXPORT, or EXPORT40 (instead of cipher names) to indicate a strength range for acceptable ciphers.
  • You can specify TLSv1, SSLv3, or SSLv2 to indicate a cipher suite.
  • If you decide to configure this property, edit the value for all mechanisms that have the AuthorizationSupported property set to yes.
  • Edit this property on the database.