LdapClientTlsCipherSuite specifies the ciphers and cipher preference order that TDGSS accepts from OpenSSL, for use in the token exchange during directory user authentication.
Do not use this property without a full understanding of the effects of specifying a particular cipher. If you are not sure about the effect of this property, contact Teradata Services for assistance.
Valid Settings
| Setting | Description |
|---|---|
| "" (default) | No ciphers are specified. Causes OpenLdap to use its default cipher suite. |
| A custom list of ciphers | Consult OpenSSL documentation for cipher list requirements. |
Editing Guidelines
- To set a value, you must manually add this property to the TDGSS configuration file for the needed mechanisms. See Editing Configuration Files.
- Before you configure this property, use the command openssl ciphers -v ALL to obtain a list of ciphers available from OpenSSL.
- If you configure this property, use a colon-separated list of ciphers, in preference order. The list must be in accordance with OpenSSL documentation.
- You can specify HIGH, MEDIUM, LOW, EXPORT, or EXPORT40 (instead of cipher names) to indicate a strength range for acceptable ciphers.
- You can specify TLSv1, SSLv3, or SSLv2 to indicate a cipher suite.
- If you decide to configure this property, edit the value for all mechanisms that have the AuthorizationSupported property set to yes.
- Edit this property on the database and the Unity server, if used. Also see Coordinating Mechanism Property Values for Unity.