Setting Cipher Restrictions - Parallel Upgrade Tool (PUT)

Parallel Upgrade Tool (PUT) Reference

Product
Parallel Upgrade Tool (PUT)
Release Number
3.09
Published
February 2020
Language
English (United States)
Last Update
2020-02-24
dita:mapPath
ows1493317469465.ditamap
dita:ditavalPath
ows1493317469465.ditaval
dita:id
B035-5716
Product Category
Software
Teradata Tools and Utilities

Ciphers are used when connecting to TDput with https. Customers with the most stringent security requirements should use the TDput defaults.

PUT allows TLS1.2 only by setting the allowed ciphers to TLSv1.2:HIGH:!aNULL:!NULL:@STRENGTH. If your security needs require that these ciphers be disallowed, you can create a cipher file providing TDput with a cipher list that is more restrictive. TDput uses this instead of the defaults.

  1. To disallow ciphers like MD5 or RC4, create the /opt/teradata/TDput/data/AllowedCiphers file.
    See the Open SSL Ciphers page for the list of cipher formats: https://www.openssl.org/docs/man1.0.2/apps/ciphers.html
    The following are examples of valid strings. No quotes are needed:
    HIGH:!MD5:@STRENGTH
    MEDIUM:HIGH:!MD5:!RC4:@STRENGTH
  2. Restart PUT services by typing the following: /etc/init.d/TDput restart.