Imperva Cyber Community

  • 1.  Protect the site ssllabs F and HTTP2

    Posted 02-09-2021 03:55
    Good afternoon, I'm an SEO site optimizer for unian.ua, and we have a site protected by your software.

    Unfortunately, when checking the site on ssllabs, the result of the site test shows F.


    Also, to speed up the site, we really need the server to work on HTTP2.

    Our system administrators say that your software does not support the http2 security service and that you can't set up to get an A or A result when checking the domain on the ssllabs service.

    The speed of the site and its protection are very important for us, as we are a news site, but it is very sad that a site with your protection cannot work on HTTP2 and that you cannot disable TLS 1.0 and TLS 1.1.
    And when checking, it shows F.
    As is:

    This server is vulnerable to the Zombie POODLE vulnerability. Grade set to F.

    This server is vulnerable to the GOLDENDOODLE vulnerability. Grade set to F.

    This server is vulnerable to the OpenSSL 0-Length vulnerability. Grade set to F.

    I ask you to tell us how our system administrators should set it up correctly, or where to read in the documentation, so that the site meets the requirements to protect people.

    Or we can be protected by Cloudflare :(

    I really hope that our system administrators simply have not set something up correctly.
    #On-PremisesWAF(formerlySecuresphere)

    ------------------------------
    Petro Deruha
    ------------------------------


  • 2.  RE: Protect the site ssllabs F and HTTP2

    Posted 02-09-2021 06:00
    Hi Petro,

    1. We plan to start HTTP2 support from v14.4P10, which is planned to be out in Q2 2021.
    2. You can disable TLS and ciphers via SSL settings in global objects.
    3. Regarding pen tests failing, I suggest moving to the latest LTS version or v14, as several fixes were in this area.

    Thanks,
    Michael.

    ------------------------------
    Michael Sorin
    ------------------------------



  • 3.  RE: Protect the site ssllabs F and HTTP2

    Posted 02-09-2021 10:00

    Hi Petro,

    In which mode is the WAF deployed (e.g., Bridge, KRP, Sniffing)? The quickest way to determine this is to go to Main > Setup > Gateways.

    Also, what version is deployed?

    Thanks.



    ------------------------------
    Jaired Anderson
    Principal Consultant
    Imperva
    Tulsa OK
    ------------------------------



  • 4.  RE: Protect the site ssllabs F and HTTP2

    Posted 02-09-2021 10:31

    Good afternoon, I'll ask the administrators for a version of the product.

    I have also read the recommendations of the National Security Agency (NSA), "Eliminating Obsolete Transport Layer Security (TLS)".

    And when will you have, in product updates, forced disabling of dangerous protocols?



    ------------------------------
    Petro Deruha
    ------------------------------
