IMHO, I don't think it has anything to do with SSL. Both ECC and PI would be within your company's landscape so there is no reason for SSL. You can read up on SSL to know what it's about and you would probably agree why SSL is not required for this case.
I cannot answer why the CREMAS to GRC in your landscape is using HTTP_AAE. I too feel it does not make sense. But this is something you should probably ask your team lead or whoever designed that interface. Maybe there is something written in the tech spec?