ABAP : Unsafe SSL configuration

Overview

The SSL connection uses insecure settings. A connection established this way is not secure and can lead to the compromise of valuable data.

SSL must be used to provide secure connections between SAP NetWeaver components. A secure SSL configuration requires specific values for the following parameters:

  • The icm/HTTPS/verify_client parameter must be set to 2 so that ICM requires a client certificate to establish a connection. The default value (1) allows clients to connect by another method if they cannot provide a valid certificate.
  • For Single Sign-On (SSO), the login/ticket_only_by_https profile parameter must be set to 1 so that logon tickets are never transmitted in plain text.
  • SAP Web Dispatcher must be configured to support SSL termination to optimize load balancing and to support filtering of connection requests. However, connections must be re-encrypted before they are forwarded to the application servers. Therefore, the value of wdisp/ssl_encrypt must be 1 for HTTPS requests and 2 for HTTP, and not 0 (termination without re-encryption).
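
The three requirements above can be checked mechanically against profile text. The following is an added example, not DerScanner or SAP code; it assumes the profile uses `name = value` lines with `#` comments, that a later assignment overrides an earlier one, and it treats a parameter that is not set explicitly as a finding. The sample profiles are constructed.

```python
# Added example: audit SAP profile text against the three settings listed above.
# Assumption: "name = value" lines, "#" starts a comment, last assignment wins.

# Required values, taken from the list above.
REQUIRED = {
    "icm/HTTPS/verify_client": {"2"},
    "login/ticket_only_by_https": {"1"},
    "wdisp/ssl_encrypt": {"1", "2"},  # 1 for HTTPS requests, 2 for HTTP; never 0
}

def parse_profile(text):
    """Return {parameter: value}; a later assignment replaces an earlier one."""
    params = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and whitespace
        if "=" not in line:
            continue
        name, value = line.split("=", 1)
        params[name.strip()] = value.strip()
    return params

def audit(text):
    """Return (parameter, found, allowed) for every requirement that is not met."""
    params = parse_profile(text)
    findings = []
    for name, allowed in REQUIRED.items():
        found = params.get(name)  # None means the parameter is not set explicitly
        if found not in allowed:
            findings.append((name, found, sorted(allowed)))
    return sorted(findings, key=lambda f: f[0])

# Constructed sample profiles (not taken from a real system).
WEAK_PROFILE = """\
# constructed sample
icm/HTTPS/verify_client = 1
wdisp/ssl_encrypt = 0   # terminate without re-encryption
"""

HARDENED_PROFILE = """\
icm/HTTPS/verify_client = 2
login/ticket_only_by_https = 1
wdisp/ssl_encrypt = 1
"""

if __name__ == "__main__":
    for label, profile in (("weak", WEAK_PROFILE), ("hardened", HARDENED_PROFILE)):
        print(label)
        for name, found, allowed in audit(profile):
            print(f"  {name}: found {found!r}, expected one of {allowed}")
```
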

DerScanner Severity Score: MEDIUM
