Configuring Both SSL and TLS Protection - Advanced SQL Engine - Teradata Database

Security Administration

Product
Advanced SQL Engine
Teradata Database
Release Number
17.05
17.00
Published
September 2020
Language
English (United States)
Last Update
2021-01-23
dita:mapPath
ied1556235912841.ditamap
dita:ditavalPath
lze1555437562152.ditaval
dita:id
B035-1100
lifecycle
previous
Product Category
Teradata Vantageā„¢

SSL and TLS provide similar functionality, so you do not need to use both methods, however, it can be beneficial to have both forms of protection configured on the same system.

Sites that use SSL protection can also configure TLS protection as a backup, in case the LdapServerName property is accidently configured to contain a non-SSL URL, for example:

  1. You can configure the LdapServerName property using an _ldaps._tcp or _gcs._tcp URL scheme to automatically enable SSL protection.
  2. You can also set LdapClientUseTls=yes to enable TLS protection. As long as an _ldaps._tcp or _gcs._tcp URL scheme is in force for the LdapServerName property, TDGSS ignores the setting of the LdapClientUseTls property, and continues to use the SSL protection specified in the LdapServerName property.
  3. If someone accidently changes the LdapServerName configuration to _ldap._tcp or _gc._tcp, which disables the SSL protection, the system automatically uses the LdapClientUseTls=yes setting to maintain protection, using TLS.

See LdapServerName.