Technology Blogs by SAP
Learn how to extend and personalize SAP applications. Follow the SAP technology blog for insights into SAP BTP, ABAP, SAP Analytics Cloud, SAP HANA, and more.
Showing results for 
Search instead for 
Did you mean: 
Many customers have questions regarding the encryption of data in transit. SAP BTP uses encrypted communication channels based on HTTPS/TLS.

What is TLS?

TLS stands for “Transport Layer Security.” It is a protocol that provides privacy and data integrity between two communicating applications. It’s the most widely deployed security protocol used today, and is used for web browsers and other applications that require data to be securely exchanged over a network. TLS ensures that a connection to a remote endpoint is the intended endpoint through encryption and endpoint identity verification.The protocol is described by the Internet Engineering Task Force (IETF)  in  Requests for Comments (RFCs). It evolves over time to support higher standards. More information can be found under

SAP BTPs` servers support the TLS 1.2 version of the TLS protocol. Older versions are not supported.

Since November 2021 it is possible to opt-in for the use of TLS 1.3 in the Custom Domain Manager. This allows the use of TLS1.3 with Applications running on SAP BTP. It does not allow the use of TLS 1.3 for SAP standard applications, like the SAP BTP Cockpit or SAP Cloud Identity Services. There the use of TLS 1.2 still applies.

Using the TLS Configurations tile in the Custom Domain Manager, you can opt to select the Enable HTTP/2 check box to support the use of the HTTP/2 protocol version. For more information, see SAP Note 3118912 Information published on SAP site and Manage TLS Configurations.

TLS 1.3 in addition to TLS 1.2 for all platform domains will be enabled in June 2023. Clients supporting TLS 1.3 will automatically agree to the new version during the TLS handshake with the Cloud Foundry Load Balancers. Clients not supporting TLS 1.3 will automatically stick to a TLS 1.2 handshake. For custom domains, the configuration will not be adjusted from platform-side and TLS 1.3 must be enabled in the custom domain configuration, see Manage TLS Configurations.

See SAP Note: 3308931 - TLS 1.3 Support for Cloud Foundry Platform Domains


In case of problems in the Neo environment and for more in-depth information please read:

SAP Note 2923117 - SAP Cloud Platform NEO – TLS 1.2 Migration - How to address problems with old TLS...