TLSv1.2 Support and Ciphers Enhancement | SQL Engine 17.10 | Teradata Vantage - 17.10 - TLSv1.2 Support for Client Connections to SQL Engine and Cipher Suite Enhancements - Advanced SQL Engine - Teradata Database

Teradata Vantage™ - Advanced SQL Engine Release Summary

Advanced SQL Engine
Teradata Database
Release Number
Release Date
July 2021
Content Type
Release Notes
Publication ID
English (United States)

TLSv1.2 is supported between clients and the database server in Release 17.10. This includes new tools and utilities:

  • gtwcontrol - New options to enable or disable TLSv1.2 and trace the protocol.
  • gtwglobal - New options to update the TLS configuration from the gateway TLS configuration.
  • nodenames - Displays the network interfaces that a node is known by. The node names are discovered by querying DNS. This information is helpful when you generate a Certificate Signing Request (CSR) because nodenames provides the common name (CN) and subject alternative names (SANs) that are used in the CSR.
  • tlsutil - A tool used to obtain and install signed certificates and private keys that are required for TLS. tlsutil uses the nodenames command internally.

The cipher suite has been updated.

  • The following ciphers are included by default:
    • TLS_AES_256_GCM_SHA384
    • TLS_CHACHA20_POLY1305_SHA256
    • TLS_AES_128_GCM_SHA256
    • DHE-RSA-AES256-GCM-SHA384
    • DHE-RSA-AES128-GCM-SHA256
    • AES256-GCM-SHA384
    • AES128-GCM-SHA256
  • Customers may change the ciphers as needed.


  • TLSv1.2 is an industry standard protocol to secure network traffic between client and server.
  • SQL Engine Release 17.10 system can be configured to prevent client applications from logging on if they are not using TLSv1.2. As a default configuration, SQL Engine Release 17.10 is capable of supporting TLSv1.2. Certificates must be configured appropriately for SQL Engine to take advantage of the TLSv1.2 feature.


  • Client applications must be updated to Teradata Tools and Utilities (TTU) Release 17.10 to use TLSv1.2.
  • DNS setup is required to use the tlsutil and nodenames tools.

Additional Information

  • Teradata Vantage™ - Advanced SQL Engine Security Administration, B035-1100
  • Teradata Vantage™ - Database Utilities