16.10 - Mechanism QOPs - Teradata Database

Teradata Database Security Administration

Product
Teradata Database
Release Number
16.10
Release Date
June 2017
Content Type
Administration
Security
Publication ID
B035-1100-161K
Language
English (United States)

Each applicable mechanism contains QOP options that can be set for that mechanism in the TdgssUserConfigFile.xml. The following example shows the TdgssUserConfigFile.xml for a fresh install for Release 14.10 and up. If the last fresh install of Teradata Database was done previous to Release 14.10, theTdgssUserConfigFile.xml has a different appearance.

For an explanation of QOP options and instructions on making QOP settings, see Working with Quality of Protection Options.

       <!-- Teradata Method 2 (uses AES) -->
       <Mechanism Name="TD2">
            <!-- DHKeyP and DHKeyG are for legacy (pre-14.0) use only -->
            <MechanismProperties
                ...
                />
            <!-- To disable legacy (pre 14.0) security,
                 uncomment the MechQop Value="0" directly below. -->
            <!-- LEGACY QOP
            <MechQop Value="0"/>
            -->
            <!-- To update security uncomment one or more QOPs and edit. -->
            <!-- DEFAULT QOP
            <MechQop Value="Default">
                AES-K128_CBC_PKCS5Padding_SHA1_DH-K2048
                AES-K192_CBC_PKCS5Padding_SHA1_DH-K2048
                AES-K256_CBC_PKCS5Padding_SHA1_DH-K2048
            </MechQop>
            -->
            <!-- LOW SECURITY QOP
            <MechQop Value="Low">
                AES-K128_CBC_PKCS5Padding_SHA1_DH-K2048
            </MechQop>
            -->
            <!-- MEDIUM SECURITY QOP
            <MechQop Value="Medium">
                AES-K192_CBC_PKCS5Padding_SHA1_DH-K2048
            </MechQop>
            -->
            <!-- HIGH SECURITY QOP
            <MechQop Value="High">
                AES-K256_CBC_PKCS5Padding_SHA1_DH-K2048
            </MechQop>
            -->
        </Mechanism>