SSL connection uses insecure settings. The established connection is insecure and can cause a compromise of valuable data.

SSL must be used to provide secure connections between SAP NetWeaver components. A secure SSL configuration requires certain values of certain parameters to be set.

The icm/HTTPS/verify_client parameter must be set to 2 to ensure that ICM requires client certificates to establish a connection. The default value (1) allows clients to connect by another method if they can not provide a valid certificate.
For Single Sign-On (SSO), the login/ticket_only_by_https profile parameter must be set to 1to ensure that entry tickets will not be transmitted as explicit text.
SAP Web Dispatcher must be configured to support SSL termination to optimize load balancing and support filtering connection requests. However, the connections must be re-encrypted before they are redirected to application servers. Therefore, the value of the wdisp/ssl_encrypt must be 1 for HTTPS requests and 2 for HTTP, and not 0 (terminating without re-encryption).

ABAP : Unsafe SSL configuration

DerScanner Severity Score

Do you want to fix ABAP : Unsafe SSL configuration in your application?

See also