Reset Search
 

 

Article

KB29623 - Why are 3DES cipher suites reported as a 112-bit keys when security settings are configured with 128-bit or 168-key?

« Go Back

Information

 
Last Modified Date8/1/2015 3:22 AM
Synopsis
This article describes why security reports are stating 3DES is equivalent to a 112-bit key is configured when security settings are configured with "Accept 168-bit and greater" or "Accept 128-bit and greater".
Problem or Goal
Cause
Solution
The following two 3DES cipher suites are reported as a equivalent to a 112-bit key.

TLS_RSA_WITH_3DES_EDE_CBC_SHA (0xa) 112
TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA (0xc012) ECDH 256 bits (eq. 3072 bits RSA) FS 112

 

What is 3DES?

3DES is a mode of DES encryption algorithm that encrypts data three times.  This is completed by using three 56-bit keys, instead of one key, for an overall key length of 168-bits.
 


Why are 3DES cipher suites reported as a 112-bit key instead of 168-bit?

Triple DES has a key size of 168 bits but provides at most 112 bits of security.This property of Triple DES is not a weakness provided 112 bits of security is sufficient for an application.

You can chose to disable 3DES on the PCS device under Configuration > Security >SSL options > Allowed Encryption Strength > Custom SSL Cipher Selection.

Please visit www.pulsesecure.net for more information on Pulse Secure Products.


 
Related Links
Attachment 1 
Created ByData Deployment

Feedback

 

Was this article helpful?


   

Feedback

Please tell us how we can make this article more useful.

Characters Remaining: 255