Technical Articles
Managing TLS Protocols with an SAP Cloud Platform Custom Domain
Overview
Using an SAP Cloud Platform custom domain allows you to configure and expose your application under your own domain on SAP Cloud Platform, and protect the identity of your application. Instead of using the default hana.ondemand.com subdomain, it lets you name your application in a way that’s easily recognizable by your customers.
In addition, it also gives you the opportunity to manage the version of the TLS protocol on SAP Cloud Platform. For example, you may need to disable an older TLS version such as TLS 1.0, and enable a newer one such as TLS 1.2.
Prerequisites
You have configured an SAP Cloud Platform custom domain and you have mapped it to your application. For more information, see Using Custom Domains.
Enabling a TLS Protocol
You may want to enable a TLS protocol version without disabling any previously running TLS protocols. For example, if you want to enable TLS 1.2 without disabling TLS 1.1, run the following command:
neo set-ssl-host -a mysubaccount -u mymail@example.com -h hana.ondemand.com -n mysslhostname -c mycert -t "TLSV1_2,TLSV1_1"For more information, see set-ssl-host.
Disabling a TLS Protocol
Respectively, you may prefer to disable a TLS protocol version for security reasons, because the current TLS protocol version is no longer supported. For example, if you decide to disable TLS 1.0 and enable TLS 1.2 instead, run the following command:
neo set-ssl-host -a mysubaccount -u mymail@example.com -h hana.ondemand.com -n mysslhostname -c mycert -t "TLSV1_2"If you have any questions, don’t hesitate to ask.
Hi, is there any neo sdk commands to check the current TLS version configured on the ssl host?
Regards,
sreehari
Hi Sreehari,
If you run the set-ssl-host command without using any optional parameters, you will get the current TLS version. For example:
Best regards,
Dragomir