About TLS | Analytics Database (SQL Engine) | Teradata Vantage - Using TLS with Client to Database Connections - Analytics Database - Teradata Vantage

Security Administration

Deployment
VantageCloud
VantageCore
Edition
Enterprise
IntelliFlex
VMware
Product
Analytics Database
Teradata Vantage
Release Number
17.20
Published
June 2022
Language
English (United States)
Last Update
2024-02-29
dita:mapPath
hjo1628096075471.ditamap
dita:ditavalPath
qkf1628213546010.ditaval
dita:id
zuy1472246340572
lifecycle
latest
Product Category
Teradata Vantageā„¢

The TLSv1.2 protocol provides confidentiality and data integrity for network traffic transmitted between clients and the Analytics Database Gateway.

  • HTTPS port 443 is the default port for TLS connections.
  • Port 1025 is the default port for legacy non-TLS connections.
  • TTU 17.10 client drivers and interfaces connect to SQL Engine 17.00 and 16.20, or Teradata Database 16.10 and 15.10 without using TLS.
  • If the Gateway is configured to require TLS, TTU Release 17.00 and later client drivers and interfaces cannot connect to SQL Engine 17.10.
  • TLS is supported by network-connected TTU drivers and interface products, including: JDBC, ODBC, .NET, and CLIv2.
  • Certificates must be in PEM format.

TLS can be configured to require clients to use only TLS, but the default configuration allows clients without TLS to connect to the database.

Prerequisites for TLSv1.2 Configuration

  • SQL Engine 17.10 or later.
  • TTU 17.10 or later.
  • Port 443 must be open on the firewall.
  • Certificate management is essential for TLSv1.2 enablement. How the certificates are managed is your responsibility according to their security policies and security requirements.

TLSv1.2 Considerations

  • TLS not available for the mainframe channel.
  • Performance varies by TLS cipher choice and workload.

Client Configuration

The default data transfer encryption setting for CLIv2 is SSLMODE=ALLOW which means prefer legacy port (and TDGSS) but optionally use TLS.

The default data transfer encryption setting for the drivers (JDBC, ODBC, and .NET) is SSLMODE=PREFER which means prefer TLS port but optionally use legacy port.

For detailed information about client TLS configuration, see the appropriate manual for your client.