F5 is upgrading its customer support chat feature on My.F5.com. Chat support will be unavailable from 6am-10am PST on 1/20/26. Refer to K000159584 for details.

Forum Discussion

Derek__154653's avatar
Derek__154653
Icon for Nimbostratus rankNimbostratus
Jun 15, 2015

Imperva Transparent Inspection = Unique Cipher Requirements

Has anyone deployed Imperva in bridge or transparent mode with an F5 SSL offloaded site behind it? Have you dealt with the requirement that Imperva can't use DHE or EC ciphers? I'd like to create a client SSL profile that can be re-used and ensure that SSL inspection is happening always in Imperva.

 

They provide some guidance for Apache and Tomcat, but I can't seem to find the right cipher string for F5.

 

Recommended for Apache: ALL: !ECDHE-RSA-AES128-SHA256:AES128-GCM-SHA256:RC4:HIGH:!MD5:!NULL:!aNULL:!eNULL:!EDH:!RC4-SHA

 

Recommended for Tomcat: ciphers=" SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA , SSL_RSA_WITH_DES_CBC_SHA, SSL_RSA_EXPORT_WITH_RC4_40_MD5 , SSL_RSA_EXPORT_WITH_DES40_CBC_SHA

 

I've tried stuff like... DEFAULT:!SSLv3:!DHE:!EDH:!ECDHE

 

But I just can't get the right cipher statement that disables these ciphers.

 

Any help would be greatly appreciated!

 

application delivery
deployment
design
imperva
LTM
security

1 Reply