Imperva Cyber Community

communities_1.jpg
 View Only
  • 1.  Unsupport Cipher when using TRP mode

    Posted 07-25-2024 10:13
    Edited by Duc Dinh Minh 07-25-2024 10:17

    Dear Team,

    I have an issue with Unsupport Cipher on Imperva v14.7.0.60 (TRP). 

    when I onboarded a website with the cipher below (tested by SSLLabs) and have a lot of Unsupport Cipher Alert.

    Do you have any solutions on it? which cipher i need to customize or configure on Imperva GW?

    Below - Alerts on On-Premise WAF


    #On-PremisesWAF(formerlySecuresphere)

    ------------------------------
    Duc Dinh Minh
    Security Engineer I
    M.Tech Holdings Pte Ltd
    ho chi minh
    ------------------------------



  • 2.  RE: Unsupport Cipher when using TRP mode

    Posted 07-28-2024 03:06

    Hello Duc Dinh Minh,

    Thank you for the post, you can refer the below article, which provides information on how to handle Unsupported Ciphers alert,

    https://docs.imperva.com/bundle/z-kb-articles-km/page/76a348d3.html



    ------------------------------
    Syed Noor Fazal
    Product Support Engineer
    ------------------------------



  • 3.  RE: Unsupport Cipher when using TRP mode

    Posted 07-28-2024 22:26
    Edited by Duc Dinh Minh 07-28-2024 22:26

    Hi Syed,

    I enabled TRP on imperva GW, but it has unsupport cipher TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384

    But in Imperva document, TRP supports it

    https://docs.imperva.com/bundle/v14.7-waf-user-guide/page/534.htm

    Are there any problems with 7680 bits RSA? below is SSLLab scan result.

    Thank you.



    ------------------------------
    Duc Dinh Minh
    Security Engineer I
    M.Tech Holdings Pte Ltd
    ho chi minh
    ------------------------------



  • 4.  RE: Unsupport Cipher when using TRP mode

    Posted 07-29-2024 21:17

    Hello Duc Dinh Minh,

    Even after selecting the desired ciphers on the MX, we are still getting unsupported ciphers, can you please check what ciphers is mentioned in the alerts and the same ciphers had been selected on the SG for this service.



    ------------------------------
    Syed Noor Fazal
    Product Support Engineer
    ------------------------------



  • 5.  RE: Unsupport Cipher when using TRP mode

    Posted 07-29-2024 22:35

    Hi Syed,

    Default cipher suite on Server (SSLLab scan)

    Imperva has unsupport cipher alert "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384" (TRP enabled)

    The below is my customize cipher suite (disable all cipher has 7680 bits RSA)



    ------------------------------
    Duc Dinh Minh
    Security Engineer I
    M.Tech Holdings Pte Ltd
    ho chi minh
    ------------------------------



  • 6.  RE: Unsupport Cipher when using TRP mode

    Posted 07-29-2024 22:56

    Hello Duc Dinh Minh,

    If we have removed the weak ciphers and we have selected the ciphers that are being used by the client and mode it TRP,  then we should not be seeing this alerts, would request to open a support ticket and share us the logs.



    ------------------------------
    Syed Noor Fazal
    Product Support Engineer
    ------------------------------