Imperva Transparent Inspection = Unique Cipher Requirements
Has anyone deployed Imperva in bridge or transparent mode with an F5 SSL offloaded site behind it? Have you dealt with the requirement that Imperva can't use DHE or EC ciphers? I'd like to create a client SSL profile that can be re-used and ensure that SSL inspection is happening always in Imperva.
They provide some guidance for Apache and Tomcat, but I can't seem to find the right cipher string for F5.
Recommended for Apache: ALL: !ECDHE-RSA-AES128-SHA256:AES128-GCM-SHA256:RC4:HIGH:!MD5:!NULL:!aNULL:!eNULL:!EDH:!RC4-SHA
Recommended for Tomcat: ciphers=" SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA , SSL_RSA_WITH_DES_CBC_SHA, SSL_RSA_EXPORT_WITH_RC4_40_MD5 , SSL_RSA_EXPORT_WITH_DES40_CBC_SHA
I've tried stuff like... DEFAULT:!SSLv3:!DHE:!EDH:!ECDHE
But I just can't get the right cipher statement that disables these ciphers.
Any help would be greatly appreciated!