SQL30081N error when creating a DATALAKE Table on IBM COS Object Storage in Db2 11.5.9

Creating a DATALAKE table on IBM Cloud Object Storage (COS) in Db2 11.5.9 may fail with SQL30081N due to SSL cipher incompatibility.

Symptoms

When you attempt to create a DATALAKE table on IBM Cloud Object Storage (COS) using Db2 11.5.9, the following error might be returned:
SQL30081N A communication error has been detected. Communication protocol being used: "HTTP". 
Communication API being used: "S3". Location where the error was detected: "s3.us-east.cloud-object-stor".Communication function detecting the error: "Create Table". SQLSTATE=08001

If the table already exists, subsequent operations such as INSERT or SELECT might hang or fail.

Causes

IBM COS has updated its security requirements to mandate the use of the GCM SSL Cipher for encrypted connections. This cipher is not enabled by default in Java 8, which is the Java version used by Db2 11.5.9. As a result, SSL handshake failures occur when Db2 attempts to connect to IBM COS.

Note:
  • You cannot create DATALAKE tables on IBM COS using Db2 11.5.9.
  • Existing tables may become inaccessible.
  • This issue affects only IBM COS; other object storage services (AWS S3, MinIO, Ceph, Azure) are not affected.

Resolving the problem

Run the following stored procedure on the affected system to enable the required cipher:
CALL SYSHADOOP.SET_DATALAKE_CONFIG('CORE', 'fs.s3a.ssl.channel.mode', 'Default_JSSE_with_GCM')

Note: A restart of the Db2 instance might be required for the change to take effect.

Considerations

  • This workaround is safe for IBM COS.
  • Enabling the GCM cipher may cause performance degradation (up to 50%) for other storage services.
  • Do not apply this configuration globally unless IBM COS is the only storage service in use.

Applies to:

  • Db2 11.5.9 (standalone and Db2 Warehouse on Cloud)
  • IBM Cloud Object Storage (COS)

Related Information: