Imperva Transparent Inspection = Unique Cipher Requirements
Has anyone deployed Imperva in bridge or transparent mode with an F5 SSL offloaded site behind it? Have you dealt with the requirement that Imperva can't use DHE or EC ciphers? I'd like to create a client SSL profile that can be re-used and ensure that SSL inspection is happening always in Imperva. They provide some guidance for Apache and Tomcat, but I can't seem to find the right cipher string for F5. Recommended for Apache: ALL: !ECDHE-RSA-AES128-SHA256:AES128-GCM-SHA256:RC4:HIGH:!MD5:!NULL:!aNULL:!eNULL:!EDH:!RC4-SHA Recommended for Tomcat: ciphers=" SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA , SSL_RSA_WITH_DES_CBC_SHA, SSL_RSA_EXPORT_WITH_RC4_40_MD5 , SSL_RSA_EXPORT_WITH_DES40_CBC_SHA I've tried stuff like... DEFAULT:!SSLv3:!DHE:!EDH:!ECDHE But I just can't get the right cipher statement that disables these ciphers. Any help would be greatly appreciated!256Views0likes1Comment