Reset Search



KB29623 - Why are 3DES cipher suites reported as a 112-bit keys when security settings are configured with 128-bit or 168-key?

« Go Back


Last Modified Date8/1/2015 3:22 AM
This article describes why security reports are stating 3DES is equivalent to a 112-bit key is configured when security settings are configured with "Accept 168-bit and greater" or "Accept 128-bit and greater".
Problem or Goal
The following two 3DES cipher suites are reported as a equivalent to a 112-bit key.

TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA (0xc012) ECDH 256 bits (eq. 3072 bits RSA) FS 112


What is 3DES?

3DES is a mode of DES encryption algorithm that encrypts data three times.  This is completed by using three 56-bit keys, instead of one key, for an overall key length of 168-bits.

Why are 3DES cipher suites reported as a 112-bit key instead of 168-bit?

Triple DES has a key size of 168 bits but provides at most 112 bits of security.This property of Triple DES is not a weakness provided 112 bits of security is sufficient for an application.

You can chose to disable 3DES on the PCS device under Configuration > Security >SSL options > Allowed Encryption Strength > Custom SSL Cipher Selection.

Please visit for more information on Pulse Secure Products.

Related Links
Attachment 1 
Created ByData Deployment



Was this article helpful?



Please tell us how we can make this article more useful.

Characters Remaining: 255