TLSv1.2 Support and Ciphers Enhancement | SQL Engine 17.10 | Teradata Vantage - 17.10 - TLSv1.2 Support for Client Connections to SQL Engine and Cipher Suite Enhancements - Advanced SQL Engine - Teradata Database

Teradata Vantage™ - Advanced SQL Engine Release Summary

Product
Advanced SQL Engine
Teradata Database
Release Number
17.10
Release Date
July 2021
Content Type
Release Notes
Publication ID
B035-1098-171K
Language
English (United States)

TLSv1.2 is supported between clients and the database server in Release 17.10. This includes new tools and utilities:

  • gtwcontrol - New options to enable or disable TLSv1.2 and trace the protocol.
  • gtwglobal - New options to update the TLS configuration from the gateway TLS configuration.
  • nodenames - Displays the network interfaces that a node is known by. The node names are discovered by querying DNS. This information is helpful when you generate a Certificate Signing Request (CSR) because nodenames provides the common name (CN) and subject alternative names (SANs) that are used in the CSR.
  • tlsutil - A tool used to obtain and install signed certificates and private keys that are required for TLS. tlsutil uses the nodenames command internally.

The cipher suite has been updated.

  • The following ciphers are included by default:
    • TLS_AES_256_GCM_SHA384
    • TLS_CHACHA20_POLY1305_SHA256
    • TLS_AES_128_GCM_SHA256
    • ECDHE-ECDSA-AES256-GCM-SHA384
    • ECDHE-RSA-AES256-GCM-SHA384
    • DHE-RSA-AES256-GCM-SHA384
    • ECDHE-ECDSA-CHACHA20-POLY1305
    • ECDHE-RSA-CHACHA20-POLY1305
    • DHE-RSA-CHACHA20-POLY1305
    • ECDHE-ECDSA-AES128-GCM-SHA256
    • ECDHE-RSA-AES128-GCM-SHA256
    • DHE-RSA-AES128-GCM-SHA256
    • AES256-GCM-SHA384
    • AES128-GCM-SHA256
  • Customers may change the ciphers as needed.

Benefits

  • TLSv1.2 is an industry standard protocol to secure network traffic between client and server.
  • SQL Engine Release 17.10 system can be configured to prevent client applications from logging on if they are not using TLSv1.2. As a default configuration, SQL Engine Release 17.10 is capable of supporting TLSv1.2. Certificates must be configured appropriately for SQL Engine to take advantage of the TLSv1.2 feature.

Considerations

  • Client applications must be updated to Teradata Tools and Utilities (TTU) Release 17.10 to use TLSv1.2.
  • DNS setup is required to use the tlsutil and nodenames tools.

Additional Information

  • Teradata Vantage™ - Advanced SQL Engine Security Administration, B035-1100
  • Teradata Vantage™ - Database Utilities