Imperva Transparent Inspection = Unique Cipher Requirements

Question

Has anyone deployed Imperva in bridge or transparent mode with an F5 SSL offloaded site behind it?  Have you dealt with the requirement that Imperva can't use DHE or EC ciphers?  I'd like to create a client SSL profile that can be re-used and ensure that SSL inspection is happening always in Imperva.&nbsp;
They provide some guidance for Apache and Tomcat, but I can't seem to find the right cipher string for F5.  &nbsp;
Recommended for Apache:
ALL: !ECDHE-RSA-AES128-SHA256:AES128-GCM-SHA256:RC4:HIGH:!MD5:!NULL:!aNULL:!eNULL:!EDH:!RC4-SHA&nbsp;
Recommended for Tomcat:
ciphers=" SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA , SSL_RSA_WITH_DES_CBC_SHA, SSL_RSA_EXPORT_WITH_RC4_40_MD5 , SSL_RSA_EXPORT_WITH_DES40_CBC_SHA&nbsp;
I've tried stuff like...
DEFAULT:!SSLv3:!DHE:!EDH:!ECDHE&nbsp;
But I just can't get the right cipher statement that disables these ciphers.&nbsp;
Any help would be greatly appreciated!&nbsp;

eric_st__john · Answer

'DEFAULT:!ECDHE:!EDH' should disable the ciphers you referenced.&nbsp;

Forum Discussion

Imperva Transparent Inspection = Unique Cipher Requirements

1 Reply

Recent Discussions

Rundeck ansible F5 errors

What is the meaning is 52% block in WAF

rewrite Azure AD response for portal access via web portal

AS3 Monitoring multiple ports selectively

Open Redirection Mitigation

Related Content

Integrating SSL Orchestrator with McAfee Web Gateway-Transparent Proxy

Transparent Load Balancing in Azure

Integrating SSL Orchestrator with Symantec ProxySG: Transparent Proxy

Reminder: MFA now required to log in to DevCentral

Integrating SSL Orchestrator with CheckPoint Firewall VM-Transparent Proxy