Imperva Cyber Community

 View Only
  • 1.  mode suppoted cipher

    Posted 12-09-2020 08:49
    i have a WAF on premise with 13.5 version in bridge mode, but in my portal have DHE-RSA-AES256-GCM-SHA384 cipher.
    I would like to know what mode this cipher supports in specific in version 13.5
    #On-PremisesWAF(formerlySecuresphere)

    ------------------------------
    Bompart
    CDMX
    ------------------------------


  • 2.  RE: mode suppoted cipher

    Posted 12-09-2020 11:41
    Hi Edwin,

    Per https://docs.imperva.com/bundle/v13.6-web-application-firewall-user-guide/page/534.htm, TLS_DH_RSA_WITH_AES_256_GCM_SHA384 is supported for NGRP (Next Generation Reverse Proxy) gateways only.

    Advanced Bridge mode, which is available beginning in v14.3 for WAF, supports advanced cipher sets. The list should be the same as what is currently designated as NGRP only. I am working internally to get our documentation updated.

    For more information on Advanced Bridge mode, please see: https://docs.imperva.com/bundle/v14.3-web-application-firewall-user-guide/page/76416.htm

    ------------------------------
    Jaired Anderson
    Principal Consultant
    Imperva
    Tulsa OK
    ------------------------------



  • 3.  RE: mode suppoted cipher

    Posted 12-09-2020 11:46
    in versión 13.5 is not supported in any mode?


    TLS_DH_RSA_WITH_AES_256_GCM_SHA384 and TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 its the same?

    ------------------------------
    Bompart
    CDMX
    ------------------------------



  • 4.  RE: mode suppoted cipher

    Posted 10-20-2022 03:53
    Hello,

    I am also looking if this cipher is supported on the version 13.5 of Imperva SecureSphere: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384

    When I look on the documentation of the Imperva DAM for the version 13.5, i can't find a list of Cipher keys supported (like on other versions a specific section for SSL Cipher Keys), but only the information below:



    When I open the bootstrap.xml file on the client, I saw that It was the same as in the documentation. It means that this is a way how we can check if it is supported by Imperva?

    Kind Regards,


    ------------------------------
    Olgerta Prendi
    Cyber Security Specialist
    S&T AG
    Tirana
    ------------------------------



  • 5.  RE: mode suppoted cipher

    Posted 10-20-2022 07:10
    Hello Olgerta,

    Thank you for the post, are you looking for supported ciphers suite for MX web gui access or the services(server group)hosted on the WAF please?


    ------------------------------
    Syed Noor Fazal
    Product Support Engineer
    ------------------------------



  • 6.  RE: mode suppoted cipher

    Posted 10-20-2022 07:23
    Hello Syed,

    SecureSphere supports a number of ciphers to enable the decryption and inspection encrypted packets in the network. I am looking for the Supported Ciphers that v13.5 of the DAM have.

    As i mentioned above, on the user guide of the v13.5 there is no a specific section like version 13.6 for example (https://docs.imperva.com/bundle/v13.6-database-activity-monitoring-user-guide/page/534.htm) to find the supported ciphers, but it is like the previous message.

    The fact that is true in the bootstrap.xml , should I consider that the Imperva supports it in v13.5?

    If someone have a list of supported ciphers in DAM v13.5 it will help.


    Kind Regards,


    ------------------------------
    Olgerta Prendi
    Cyber Security Specialist
    S&T AG
    Tirana
    ------------------------------