Cipher Suite and Overriding Config File | Analytics Database (SQL Engine) | Teradata Vantage - Cipher Suites and Overriding the Configuration File - Analytics Database - Teradata Vantage

Security Administration

Deployment
VantageCloud
VantageCore
Edition
Enterprise
IntelliFlex
VMware
Product
Analytics Database
Teradata Vantage
Release Number
17.20
Published
June 2022
ft:locale
en-US
ft:lastEdition
2024-04-05
dita:mapPath
hjo1628096075471.ditamap
dita:ditavalPath
qkf1628213546010.ditaval
dita:id
zuy1472246340572
lifecycle
latest
Product Category
Teradata Vantageā„¢

The gateway TLS configuration file contains the configured cipher suites from which the gateway parses and loads the secure cipher suites. The configuration file is in standard OpenSSL format.

The configuration file is located here: /usr/tgtw/etc/gtwtls.cfg.

To override the settings to add or remove ciphers, copy and paste the configuration file into a local file called /opt/teradata/tdat/tgtw/site/tls/localgtwtls.cfg and make your edits there.

The default cipher suite list contains the following ciphers:

  • ECDHE-RSA-AES256-GCM-SHA384
  • ECDHE-ECDSA-AES256-GCM-SHA384
  • DH-DSS-AES256-GCM-SHA384
  • DH-RSA-AES256-GCM-SHA384
  • DHE-RSA-AES256-GCM-SHA384
  • ECDH-RSA-AES256-GCM-SHA384
  • ECDH-ECDSA-AES256-GCM-SHA384
  • AES256-GCM-SHA384
  • ECDHE-RSA-AES128-GCM-SHA256
  • ECDHE-ECDSA-AES128-GCM-SHA256
  • DH-DSS-AES128-GCM-SHA256
  • DH-RSA-AES128-GCM-SHA256
  • DHE-RSA-AES128-GCM-SHA256
  • ECDH-RSA-AES128-GCM-SHA256
  • ECDH-ECDSA-AES128-GCM-SHA256
  • AES128-GCM-SHA256