Network and Transport Layer Security

Feature	Type of Change	Description
Support for multiple SSL server PSEs	Enhanced	The AS ABAP now supports the use of multiple server-side identities when using the Secure Sockets Layer (SSL) protocol for transport layer security. Therefore, you can use different identities for different incoming connections. This identity is saved in the SSL server Personal Security Environment (SSL server PSE). Use the trust manager (transaction STRUST) to maintain SSL server PSEs. For more information, see Trust Manager .
Profile parameter ssl/pse_provider	New	With this profile parameter in a dual stack installation, you can specify which tool to use for maintaining SSL PSEs, the trust manager on AS ABAP or the keystore service on the AS Java. For more information, see SSL Administration in a Dual-Stack Installation .

Feature

Type of Change

Description

Support for multiple SSL server PSEs

Enhanced

The AS ABAP now supports the use of multiple server-side identities when using the Secure Sockets Layer (SSL) protocol for transport layer security. Therefore, you can use different identities for different incoming connections. This identity is saved in the SSL server Personal Security Environment (SSL server PSE).

Use the trust manager (transaction STRUST) to maintain SSL server PSEs.

For more information, see Trust Manager .

Profile parameter ssl/pse_provider

New

With this profile parameter in a dual stack installation, you can specify which tool to use for maintaining SSL PSEs, the trust manager on AS ABAP or the keystore service on the AS Java.

For more information, see SSL Administration in a Dual-Stack Installation .

Feature	Type of Change	Description
SSL configuration	Changed	The HTTP Provider Service no longer handles client request over SSL. This task is performed by the Internet Communication Manager (ICM). To specify how the ICM handles SSL requests, you have to configure a set of ICM properties. SSL Parameters for ICM and Web Dispatcher
SSL configuration	New	You can use the SSL configuration tool in the SAP NetWeaver Administrator to create new access points and to maintain the existing access points on the server side. For more information, see Adding New SSL Access Points and Maintaining SSL Access Points .
Destination service	Changed	The Destination service has been moved from the Visual Administrator to the SAP NetWeaver Administrator. Note the following changes: You no longer maintain destinations for Web services in the Destination service. Maintain connection information for Web service clients in the Web service client user interface. You now maintain the global Secure Network Connection (SNC) parameters for RFC destinations ( snc/gssapi_lib and snc/identity/as) in the global profile for the AS Java instead of in the destination. You still maintain connection-specific parameters such as quality of protection, the target server's SNC name, and SNC activation in the destination. Existing destinations are automatically migrated by the Destination service. For more information, see Destination Service .

Feature

Type of Change

Description

SSL configuration

Changed

The HTTP Provider Service no longer handles client request over SSL. This task is performed by the Internet Communication Manager (ICM). To specify how the ICM handles SSL requests, you have to configure a set of ICM properties.

SSL Parameters for ICM and Web Dispatcher

SSL configuration

New

You can use the SSL configuration tool in the SAP NetWeaver Administrator to create new access points and to maintain the existing access points on the server side.

For more information, see Adding New SSL Access Points and Maintaining SSL Access Points .

Destination service

Changed

The Destination service has been moved from the Visual Administrator to the SAP NetWeaver Administrator. Note the following changes:

You no longer maintain destinations for Web services in the Destination service. Maintain connection information for Web service clients in the Web service client user interface.
You now maintain the global Secure Network Connection (SNC) parameters for RFC destinations ( snc/gssapi_lib and snc/identity/as) in the global profile for the AS Java instead of in the destination. You still maintain connection-specific parameters such as quality of protection, the target server's SNC name, and SNC activation in the destination.

Existing destinations are automatically migrated by the Destination service.

For more information, see Destination Service .