SAP Knowledge Base Article - Public

2885800 - TLS Protocol Hardening in S/4HANA Cloud and SAP Marketing Cloud

Symptom

SAP disables TLS 1.0 and 1.1 encryption protocol in your S/4HANA Cloud and SAP Marketing Cloud environments according to the timeframe shared to you via customer communication mail.

  1. What is TLS?
  2. How this change will impact you?
  3. How to test if your browser support TLS 1.2?
  4. What will happen to your integrations scenarios from a remote system to S/4HANA Cloud and SAP Marketing Cloud if you do not react?
  5. How to contact SAP in case of questions and problems?

Environment

  • SAP S/4HANA Cloud
  • SAP Marketing Cloud

Cause

SAP will no longer support protocol versions older than TLS 1.2 in your S/4HANA Cloud and SAP Marketing Cloud environments in order to align with the industry best practices for security and data integrity.

Resolution

  1. What is TLS?
    TLS stands for “Transport Layer Security.” It is a protocol that provides privacy and data integrity between two communicating applications. It’s the most widely deployed security protocol used today, and it is used for web browsers and other applications that require data to be exchanged securely over a network. TLS ensures that a connection to a remote endpoint is the intended endpoint through encryption and endpoint identity verification. 

    TLS 1.0/1.1, in the past years, has been found weak in protection, especially when combined with weak ciphers such as RC4. S/4HANA Cloud and SAP Marketing Cloud has removed support of the weak ciphers.
    The best security practice is to remove TLS 1.0/1.1 support all together.

  2. How this change will impact you?
    After SAP disables TLS 1.0/1.1,
    • You may no longer access the S/4HANA Cloud and SAP Marketing Cloud system if your browser does not support TLS 1.2.
    • The integration scenarios from remote system to S/4HANA Cloud and SAP Marketing Cloud that rely on older version than TLS 1.2 might fail.

    Action is required prior to the communicated date to prevent any disruption to your production instance.

  3. How to test if your browser support TLS 1.2?
    If you get Deactivation Test Successful message after you open the test site, access to S/4HANA Cloud and SAP Marketing Cloud via your browser should not be impacted by this change, and no action is required from you.
    In case this test page does not load then kindly enable TLS 1.2 protocols for your web browsers. Please visit help section of your browser for how to enable TLS 1.2.

  4. What will happen to your integrations scenarios from a remote system to S/4HANA Cloud and SAP Marketing Cloud if you do not react?
    If you do not enable TLS 1.2, the integration scenarios from a remote system to S/4HANA Cloud and SAP Marketing Cloud may be disrupted after this change.
    We recommend that you enable your remote system to support TLS 1.2 as soon as possible.
    Please reach out to your system admins to check and enable this.

  5. How to contact SAP in case of questions and problems?
    You can reach SAP as follows:
    • Please open a customer message, by using component XX-S4C-OPR-INC, with a title ‘WD-TLS’. This is the preferred option.
    • Contact your SAP Customer Engagement Expert (CEE).

Keywords

TLS, Transport Layer Security , KBA , XX-S4C-OPR-INC , S/4HANA Cloud Availability, Performance and Administration , How To

Product

SAP S/4HANA Cloud all versions