Imperva Cyber Community

communities_1.jpg
 View Only
  • 1.  SNI , TLS protocol, Client certificate authentication

    Posted 05-31-2020 05:48
    Hi All,

    is Anyone identified any issues using SNI feature as I am planning to use this feature. whey this is not a straight forward UI feature?

    ETA to implement tls1.3?

    ETA to implement client certificate authentication feature in TRP mode?

    Roadmap for HTTP/3.0?

    Does anyone using any Tcpdump script to write all the session keys?


    Regards,

    Nishanth M
    #On-PremisesWAF(formerlySecuresphere)

    ------------------------------
    Nishanth Minikkaran
    Allianz technology
    ------------------------------


  • 2.  RE: SNI , TLS protocol, Client certificate authentication

    Posted 06-01-2020 10:31
    Hi Nishanth,

    SNI has been supported in both TRP and KRP mode for On-Prem WAF for some considerable time. Configuring it is described in the Documentation, for example at https://docs.imperva.com/bundle/v13.6-web-application-firewall-user-guide/page/69409.htm and it can be configured from the MX UI.

    I can't comment on the roadmap questions, but on the capturing all session keys question, can you explain your use-case around that?

    Kindest regards,
    Stefan

    ------------------------------
    Stefan Pynappels
    Escalation Engineer
    Imperva
    ------------------------------



  • 3.  RE: SNI , TLS protocol, Client certificate authentication

    Posted 12-17-2020 03:09

    Thank you for your reply.

    Capturing session key is basically needed for troubleshooting purpose if need to decrypt the packet captures.



    ------------------------------
    Nishanth Minikkaran
    Allianz technology
    ------------------------------