SAP Application Server Encryption via TLS

SAP NetWeaver Application Server EncryptionTo achieve the most comprehensive protection possible against potential attacks in SAP environments (and deal with those that do occur), encryption mechanisms and up-to-date cryptography libraries are required using TLS.

Right now, encryption based on the Transport Layer Security (TLS) protocol – previously known as Secure Sockets Layer (SSL) – is typically applied by means of HTTPS. Most webservers support TLS 1.0 and later through numerous encryption methods. Nearly all browsers and servers tend to use TLS based on encryption algorithms (cipher suites) like RSA or AES.

Optimizing TLS settings for operations and security

Encryption and corresponding control by means of the TLS protocol versions currently available on SAP Application Servers is made possible by the use of cryptography libraries (CommonCryptoLib). In order to support protocol versions and encryption algorithms that are as current as possible, SAP recommends CommonCryptoLib 8.5.2 or later (the latest version is 8.5.22).

The protocol versions that are available at present and supported by common web browsers are TLS 1.1, 1.2, and (since March 2018) 1.3.

The cipher suites can be controlled via the following profile parameters:

  • ssl/ciphersuites(default value: HIGH:MEDIUM:+e3DES:!aNULL)
  • ssl/client_ciphersuites (default value: HIGH:MEDIUM:+e3DES:!aNULL)

To facilitate the best possible interoperability within landscapes that run on SAP while making use of optimal encryption algorithms, SAP recommends setting or adjusting the profile parameters as follows in line with the current standard (TLS 1.2):

  • SAP Application Server:
    ssl/ciphersuites = 135:PFS:HIGH::EC_P256:EC_HIGH
  • SAP Solution Manager (deviates):
    ssl/client_ciphersuites = 918:PFS:HIGH::EC_P256:EC_HIGH

The encoding consists of a calculated bit value that can be found in the following overview:

Value Description
1 “BC” option
(Accepts SSL Version 2.0 CLIENT-HELLO / SSLv2Hello for TLSv1.x-Handshake)
2 “BEST” option
(Activates the latest TLS protocol version available, i.e. TLS 1.2 for CCL 8.4.31+)
4 “NO_GAP” option
(No gaps between TLS protocol versions; has been forced thus far)
16 Allows blind sending of a client certificate
(5.5.5pl36+ and all CCL 8.x.x)
32 “Strict protocol version configuration” option
– does not automatically activate TLS 1.0
(recognized/supported only by CommonCryptoLib (CCL) 8.4.48 or later)
64 SSLv3
128 TLS 1.0
256 TLS 1.1
(Only with CommonCryptoLib (CCL) 8.4.31 or later)
512 TLS 1.2
(Only with CommonCryptoLib (CCL) 8.4.31 or later)

Example: 135:PFS:HIGH::EC_P256:EC_HIGH

  • 135 = 128 (TLS >= 1.0) + 2 (BEST protocol option) + 1 (SSL 2.0 handshake acceptance + 4 (NO_GAP option)
  • PFS: Support for perfect forward secrecy cipher suites
  • HIGH: Exclusive support for HIGH-class cipher suites (no PFS suites)
  • EC_HIGH: Use of high-security elliptic curves
  • EC_P256: Defined elliptic curve

The use of these values makes it possible to utilize both TLS 1.2 and TLS 1.0 as a fallback solution in order to minimize problems through interoperability.

SAP expressly recommends not deactivating the current TLS 1.0 without taking the additional measures necessary. In this case, all of the SAP software at hand must be updated and analyzed to identify incompatible components (and those that are limited to TLS 1.0) with the help of HTTP logging.

Do you have questions on this topic? Or are you interested in further information about our portfolio? We invite you to explore our SAST SOLUTIONS website or contact us directly:

Axel Giese (SAP Security Consulting)


This might also be of interest to you

Audit or Penetration testing? Find your vulnerabilities before you get hurt!

Authorizations for batch processing in NetWeaver and S/4HANA environments