IBM Data and AI


Add debugging/information options for encrypted client connections

While configuring/troubleshooting a Db2 LUW server in a setup with encrypted connections, we need methods to identify the encryption status and ciphers used.

E.g. a Db2 client is connecting to a Db2 LUW server: I have no means to verify which TLS cipher was negotiated and whether TLS11, SSL or TLS12 was used.

In MON_GET_CONNECTION I just get SSL4 in the column CLIENT_PROTOCOL, but I cannot see what level/port was used.

We could use a db2diag.log or notification log entry for the connection type and cipher negotiated.

If I use the simpler AUTHENTICATION=SERVER_ENCRYPT, I cannot see which connection complies or which is using ALTERNATE_AUTH_ENC.

The same issue appears with Db2 Connect server to host connections. I can only see on Db2 for z/OS whether the Db2 LUW server is using a secured connection.

At the least, if Db2 is delegating everything to GSKit, there should be a documented way to retrieve this information via GSKit.

  • Guest
  • Sep 8 2020
  • Future consideration
Who would benefit from this IDEA? All Db2 LUW customers configuring and verifying encrypted connections.
How should it work?

The preferred solution would be visibility in MON_GET_CONNECTION.

The second option would be a message in the notification or db2diag log at verbosity level 3 or 4.

The minimum would be a connection trace or a dump via GSKit.

Idea Priority: Medium
Priority Justification: Ranked medium, as it becomes more and more important to have secured connections and verify the strong ciphers really get used.
Customer Name: An IBM Champion for his customers
  • Guest commented
    8 Sep 01:17pm

    Please refer also to case TS004142677
