Hi Tushar,
To decrypt DHE ciphers in Bridge Mode, Transparent Reverse Proxy must be enabled.
TRP runs on top of Bridge Mode, operates at the HTTP service layer, and is completely configurable within the SecureSphere GUI.
For a general overview, please see:
https://docs.imperva.com/bundle/v13.5-administration-guide/page/7200.htm
For TRP configuration information, please see:
https://docs.imperva.com/bundle/v12.5-web-application-firewall-user-guide/page/3097.htm
Please note that it is important the previously uploaded SSL certificates contain the full chain (intermediate and root) before enabling TRP or the client may experience errors.
------------------------------
Jaired Anderson
Principal Consultant
Imperva
Tulsa OK
------------------------------
Original Message:
Sent: 02-25-2020 04:02
From: Tushar Sawant
Subject: Imperva Securesphere in Bridge mode (In-line mode) does not DHE Cipher suites
We have implemented the Imperva WAF (SecureSphere) in Bridge mode (In-Line Mode), and all the applications which are integrated under WAF monitoring are showing an unsupported cipher issue. Currently all applications are using Diffie–Hellman key exchange from a security perspective. Because of this unsupported cipher issue, SSL inspection is not happening. Will Imperva add this DHE cipher in a future release, or is there any option to resolve this issue?
#On-PremisesWAF(formerlySecuresphere)
------------------------------
Tushar Sawant
------------------------------
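Added illustration, not part of the original thread and not Imperva code: DHE suites are forward secret, so an inline device holding only the server's private key cannot recover the session keys, which is why the reply points to a terminating proxy. The script below sorts cipher suite names (IANA or OpenSSL style) by key-exchange type; the suite list is a constructed sample, and treating ECDHE and TLS 1.3 suites like DHE is an assumption based on how those key exchanges work, not a statement from the thread.

```python
import re

# Key-exchange classes as seen by an inline device that holds the server key.
PASSIVE = "static RSA key exchange"    # session keys recoverable from the server key
EPHEMERAL = "ephemeral (EC)DHE"        # forward secret: TLS must be terminated
OTHER = "other (review manually)"      # static DH/ECDH, PSK, SRP, unknown names

TLS13 = re.compile(r"^TLS_(AES|CHACHA20)_")  # TLS 1.3 names omit the key exchange
BULK = re.compile(r"^(AES|CAMELLIA|ARIA|SEED|IDEA|DES|RC4|NULL)")


def classify(suite: str) -> str:
    """Classify one cipher suite given by its IANA or OpenSSL name."""
    name = suite.strip().upper()
    if TLS13.match(name):
        return EPHEMERAL                  # TLS 1.3 certificate handshakes use (EC)DHE
    if name.startswith("TLS_") and "_WITH_" in name:
        kx = name[4:].split("_WITH_")[0]  # IANA: TLS_<kx>[_<auth>]_WITH_<cipher>
        if kx.split("_")[0] in ("DHE", "ECDHE"):
            return EPHEMERAL
        return PASSIVE if kx == "RSA" else OTHER
    first = name.split("-")[0]            # OpenSSL: <kx>-<auth>-<cipher>-<mac>
    if first in ("DHE", "EDH", "ECDHE", "ADH", "AECDH"):
        return EPHEMERAL
    # OpenSSL drops the "RSA-" prefix when RSA does both key exchange and auth.
    return PASSIVE if BULK.match(first) else OTHER


def audit(suites):
    """Group suite names by class so those needing a terminating proxy stand out."""
    report = {PASSIVE: [], EPHEMERAL: [], OTHER: []}
    for s in suites:
        report[classify(s)].append(s)
    return report


# Constructed sample: suites an application server might be configured to offer.
SAMPLE = [
    "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256", "DHE-RSA-AES256-GCM-SHA384",
    "ECDHE-RSA-AES128-GCM-SHA256", "TLS_AES_128_GCM_SHA256",
    "AES128-SHA", "TLS_RSA_WITH_AES_256_CBC_SHA", "PSK-AES128-CBC-SHA",
]

if __name__ == "__main__":
    for kind, names in audit(SAMPLE).items():
        print(f"{kind}: {', '.join(names) or '-'}")
```
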