What is TLS?
TLS stands for “Transport Layer Security.” It is a protocol that provides privacy and data integrity between two communicating applications. It’s the most widely deployed security protocol in use today, and is used by web browsers and other applications that require data to be securely exchanged over a network. TLS uses encryption and endpoint identity verification to ensure that a connection to a remote endpoint reaches the intended endpoint.
Almost all communication between customer users and SAP Cloud Platform products is through HTTP/web protected by encryption using one version of TLS or another. STARTTLS SMTP (e-mail) also uses TLS as a key component of its security.
SAP Enable Now servers support several versions of the TLS protocol: TLS 1.0, 1.1 and 1.2. At the start of communication (the handshaking phase), a web browser and the SAP Enable Now server exchange their supported TLS versions and choose the highest version they both support to carry out the rest of the communication.
TLS 1.0 and 1.1 have been found to offer weak protection, especially when combined with weak ciphers. The prevailing best security practice is to remove TLS 1.0 and 1.1 support altogether.
How will customers be impacted?
After SAP Enable Now disables TLS 1.0/1.1, any connections to SAP Enable Now that rely on TLS 1.0 and 1.1 will fail.
This change will affect all SAP Enable Now TLS URLs (web links starting with https://…). End users will not observe the impact, since all the browsers on the SAP Enable Now support list will automatically use TLS 1.2.
Site administrators should immediately enable TLS 1.2 or later. SAP Enable Now's current criteria for modern TLS are the following:
- TLS 1.2
- Supported ciphers: ECDHE-RSA-AES128-GCM-SHA256, ECDHE-RSA-AES256-GCM-SHA384
We recommend upgrading to Windows 10 (as documented in the system requirements) and the latest IE11.
How to test your browser compatibility?
Browser Test Result:
Certificate Test Result:
If both the browser and certificate tests are without errors, access to SAP Enable Now – Cloud via your browser should not be impacted by disabling TLS 1.0 and TLS 1.1, and no action is required.
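For clients other than a browser, the same criteria can be checked from the machine the client runs on. The following Python script is an added example, not SAP tooling: its function names are hypothetical, the legacy client in it is constructed, and the host passed on the command line is one you supply yourself.

```python
import socket
import ssl
import sys

# OpenSSL names of the two suites listed in the notice above.
REQUIRED_CIPHERS = ("ECDHE-RSA-AES128-GCM-SHA256", "ECDHE-RSA-AES256-GCM-SHA384")
V = ssl.TLSVersion


def modern_context() -> ssl.SSLContext:
    """Client context limited to the notice's criteria: TLS 1.2 + the two suites."""
    ctx = ssl.create_default_context()   # certificate and hostname checks stay on
    ctx.minimum_version = V.TLSv1_2      # never fall back to TLS 1.0/1.1
    ctx.maximum_version = V.TLSv1_2      # pinned so the probe exercises these suites
    ctx.set_ciphers(":".join(REQUIRED_CIPHERS))  # ssl.SSLError if none is usable
    return ctx


def local_cipher_support() -> dict:
    """Which of the required suites this machine's OpenSSL build can offer."""
    offered = {c["name"] for c in modern_context().get_ciphers()}
    return {name: name in offered for name in REQUIRED_CIPHERS}


def negotiate(client_versions, server_versions):
    """Handshake rule from the notice: highest version both sides support, or None."""
    common = set(client_versions) & set(server_versions)
    return max(common) if common else None


def probe(host: str, port: int = 443, timeout: float = 5.0):
    """Live handshake; returns (protocol, cipher) or raises ssl.SSLError/OSError."""
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with modern_context().wrap_socket(raw, server_hostname=host) as tls:
            return tls.version(), tls.cipher()[0]


if __name__ == "__main__":
    print("local suites:", local_cipher_support())
    legacy = [V.TLSv1, V.TLSv1_1]                      # constructed old client
    print("legacy client before:", negotiate(legacy, [V.TLSv1, V.TLSv1_1, V.TLSv1_2]))
    print("legacy client after: ", negotiate(legacy, [V.TLSv1_2]))  # None: fails
    if len(sys.argv) > 1:                              # host name supplied by you
        print("probe:", probe(sys.argv[1]))
```

A handshake error from `probe` means the client stack on that machine cannot meet the TLS 1.2 criteria against the host it was pointed at.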
How can customers avoid a service disruption?
Be aware that these changes will already appear in Cloud Preview versions in the middle of April. Please test and take action. In case of issues
On-premise customers are responsible for their own installation and TLS support.
For more information use this knowledge article