The gateway TLS configuration file contains the configured cipher suites from which the gateway parses and loads the secure cipher suites. The configuration file is in standard OpenSSL format.
The configuration file is located here: /usr/tgtw/etc/gtwtls.cfg.
To override the settings to add or remove ciphers, copy and paste the configuration file into a local file called /opt/teradata/tdat/tgtw/site/tls/localgtwtls.cfg and make your edits there.
The default cipher suite list contains the following ciphers:
- ECDHE-RSA-AES256-GCM-SHA384
- ECDHE-ECDSA-AES256-GCM-SHA384
- DH-DSS-AES256-GCM-SHA384
- DH-RSA-AES256-GCM-SHA384
- DHE-RSA-AES256-GCM-SHA384
- ECDH-RSA-AES256-GCM-SHA384
- ECDH-ECDSA-AES256-GCM-SHA384
- AES256-GCM-SHA384
- ECDHE-RSA-AES128-GCM-SHA256
- ECDHE-ECDSA-AES128-GCM-SHA256
- DH-DSS-AES128-GCM-SHA256
- DH-RSA-AES128-GCM-SHA256
- DHE-RSA-AES128-GCM-SHA256
- ECDH-RSA-AES128-GCM-SHA256
- ECDH-ECDSA-AES128-GCM-SHA256
- AES128-GCM-SHA256