Transport Layer Security on the AS
Java
Use
The AS Java supports the use of transport layer security for network communications. Depending on the protocol used for the connection, it supports SSL or Secure Network Communications (SNC).
See the figure below for an overview of the supported transport level security scenarios:
Using Encryption with the AS Java
For more information about the transport layer security functions that correspond to the transport protocols the AS Java can use, see the table below.
Transport Layer Security for the Protocol
Protocol |
Security Method Used |
Comment |
HTTP, P4, LDAP |
SSL |
SSL is a quasi-standard protocol developed by Netscape. It is used with an application protocol, for example, HTTP. |
RFC or DIAG |
SNC |
SNC is an interface that you can use to secure connections between SAP system components. |
Prerequisites
To perform cryptographic functions with the AS Java, you have to use an external security provider. The SAP provides the SAP Cryptographic Library (SAP Cryptolib) for securing server-to-server connections with SNC and SSL. You can download this software from the SAP Service Marketplace at service.sap.com/swdc.
The distribution of the SAP Cryptographic Library is subject to and controlled by German export regulations and is not available to all customers. In addition, the library may be subject to local regulations of your own country that may further restrict the import, use and (re-)export of cryptographic software. If you have any further questions on this issue, contact your local SAP subsidiary.
Features
When using SSL or SNC to encrypt data communications at the network layer, you make use of the following security features:
● Authentication
With server-side authentication, the server identifies itself to the client when the connection is established, which reduces the risk of server impersonation to gain information from clients.
With mutual authentication, both the client and the server are authenticated when the connection is established. For example, you use client-side authentication at SSL level to authenticate users with client certificates instead of with user IDs and passwords.
· Data integrity
The data being transferred between the client and the server is protected so that any manipulation of the data is detected.
· Data privacy
The data being transferred between the client and the server is also encrypted, which provides privacy protection. An eavesdropper cannot access the data.
Activities
For more information about configuring the supported transport layer security functions of the AS Java, see the following sections:
● Configure the Use of SSL on the AS Java
● Configure the Use of SSL with an Intermediary Server
● Configure the use of SNC: AS Java -> AS ABAP
● Additional Keystore and Cryptographic Functions
See also:
The Secure Connection Factory API for HTTPS Clients