You can enable the LOW, MEDIUM, and HIGH QOP entries for the TD2, PROXY, JWT, and LDAP mechanisms to support the use of QOP security policies. For information about configuring a QOP security policy, see Network Security Policy.
You can change the encryption strength for any entry by substituting another algorithm.
- Uncomment the LOW, MEDIUM, and HIGH QOP entries to enable them for use with QOP security policies.
<!-- LOW SECURITY QOP --> <MechQop Value="Low"> AES-K128_CBC_PKCS5Padding_SHA1_DH-K2048 </MechQop> <!-- MEDIUM SECURITY QOP --> <MechQop Value="Medium"> AES-K192_CBC_PKCS5Padding_SHA1_DH-K2048 </MechQop> <!-- HIGH SECURITY QOP --> <MechQop Value="High"> AES-K256_CBC_PKCS5Padding_SHA1_DH-K2048 </MechQop>
- You can optionally edit the LOW, MEDIUM, and HIGH QOP entries by changing to a stronger encryption algorithm, for example:
<!-- LOW SECURITY QOP --> <MechQop Value="Low"> AES-K192_GCM_PKCS5Padding_SHA2_DH-K2048 </MechQop> - After you complete editing, run the run_tdgssconfig utility to update the TDGSSCONFIG GDO.
/opt/teradata/tdgss/bin/run_tdgssconfig
- Run tpareset to activate the changes to the TDGSS configuration.
tpareset -f “use updated TDGSSCONFIG GDO”
For more information, see Changing the TDGSS Configuration.