It all started with the connections from Goldengate to DB2 not working anymore:
2023-09-11 15:31:27 WARNING OGG-00552 Database operation failed: Couldn't connect to DB2_DB1. ODBC error: SQLSTATE 08001 native database error -30073. [IBM][CLI Driver] SQL30073N "0x0000" Parameter value "0x0000" is not supported. SQLSTATE=58017.
Failed to open data source DB2_DB1for user GG01.
The DB2 administrators say “We changed nothing. Maybe you changed something? And the DB2 documentation says nothing for this error.
Next email from DB2 admins “well, we did activated the option TCPALVER=SERVER_ENCRYPT and maybe that is the problem”
Indeed, that was the problem. With that option on the server side, then:
SERVER_ENCRYPT (recommended)
A user ID and password are required for connection requests. Kerberos tickets are also accepted. Also, one of the following conditions must be true:The user ID and password is AES (Advanced Encryption Standard)-encrypted.
…
Non-encrypted security credentials are not accepted unless the connection is secured by the TCP/IP network. DES-based (Data Encryption Standard) encryption is also considered insecure.
Ok, I needed to activate on my client side the AES encrytion for username and password. Not so difficult:
db2cli writecfg add -dsn DB2_DB1 -parameter "Authentication=SERVER_ENCRYPT_AES"
And voilĂ , the connection to DB2 works again, and it is secured.