What is TLS?
TLS stands for “Transport Layer Security.” It is a protocol that provides privacy and data integrity between two communicating applications. It’s the most widely deployed security protocol used today, and is used for web browsers and other applications that require data to be securely exchanged over a network. TLS ensures that a connection to a remote endpoint is the intended endpoint through encryption and endpoint identity verification.
Almost all communication between customer users and SAP Cloud Platform products is through HTTP/web protected by encryption using one version of TLS or another. STARTTLS SMTP (e-mail) also uses TLS as a key component of its security.
SAP Enable Now servers support several versions of the TLS protocol: TLS 1.0, 1.1 and 1.2. At the start of communication (handshaking phase), a web browser and SAP Enable Now server exchange their supported TLS versions and choose the highest version they both support to carry out the rest of the communication.
TLS 1.0 and 1.1 have been found to offer weak protection, especially when combined with weak ciphers. The prevailing best security practice is to remove TLS 1.0 and 1.1 support altogether.
How will customers be impacted?
After SAP Enable Now disables TLS 1.0/1.1, any connections to SAP Enable Now that rely on TLS 1.0 and 1.1 will fail.
This change will affect all SAP Enable Now TLS URLs (web links starting with https://...). End users will not observe the impact since all the browsers on the SAP Enable Now support list will automatically use TLS 1.2.
Site administrators should immediately enable TLS 1.2 or later. SAP Enable Now's current criteria for modern TLS are the following:
- TLS 1.2
- Supported ciphers: ECDHE-RSA-AES128-GCM-SHA256, ECDHE-RSA-AES256-GCM-SHA384
We recommend upgrading to Windows 10 (as documented in the system requirements) and the latest IE11.
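For integrations and scripts that are not browsers, a client-side readiness check against the TLS 1.2 criteria listed above can look like the following. This is an added example, not SAP code; the function names are hypothetical and the host to probe is supplied by the operator.

```python
import socket
import ssl

# Criteria listed on the page: TLS 1.2 with these two cipher suites.
REQUIRED_CIPHERS = ("ECDHE-RSA-AES128-GCM-SHA256", "ECDHE-RSA-AES256-GCM-SHA384")


def modern_tls_context():
    """Client context that can only negotiate the page's TLS 1.2 criteria."""
    ctx = ssl.create_default_context()  # certificate and hostname checks stay on
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.maximum_version = ssl.TLSVersion.TLSv1_2  # pin to 1.2 so the check is exact
    ctx.set_ciphers(":".join(REQUIRED_CIPHERS))   # raises ssl.SSLError if none usable
    return ctx


def missing_ciphers(ctx):
    """Required suites the local TLS library did not enable (empty list = ready)."""
    enabled = {c["name"] for c in ctx.get_ciphers()}
    return [name for name in REQUIRED_CIPHERS if name not in enabled]


def probe(host, port=443, timeout=5.0):
    """Handshake with host using only the criteria above.

    Returns (protocol, cipher) on success or (None, reason) on failure.
    """
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with modern_tls_context().wrap_socket(raw, server_hostname=host) as tls:
                return tls.version(), tls.cipher()[0]
    except (ssl.SSLError, OSError) as exc:
        return None, f"{type(exc).__name__}: {exc}"


if __name__ == "__main__":
    import sys
    print("missing locally:", missing_ciphers(modern_tls_context()) or "none")
    for target in sys.argv[1:]:  # hostnames supplied by the operator
        print(target, probe(target))
```

A client that reports missing suites, or whose probe fails with a handshake error while a browser on the same machine connects, is relying on TLS 1.0/1.1 or on ciphers outside the list.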