DES-CBC3-SHA listed as 192 bits but SSL Labs reports as 112 bit

Question

In the table here under the BIG-IP 11.5.0 - 11.5.2 section it lists the DES-CBC3-SHA ciphers as 192 bits.&nbsp;
However a SSL Labs scan will report the following:&nbsp;
TLS_RSA_WITH_3DES_EDE_CBC_SHA (0xa)112 [bits]&nbsp;
I'm not a crypto-nerd but if I read this explanation correctly that particular cipher has an effective security of 112 bits but if the encryption is achieved by using 3 56 bit keys (3 X 56 = 168) why is F5 reporting 192 bits?&nbsp;

http500_195339 · Answer

No one at F5 can answer this?

amolari · Answer

there was a thread about that here&nbsp;
It seems to be a "bug".. 192 comes from 3x64 (64 is the block size).&nbsp;
If in theory it's 168 bits key length, it has been degraded to 112 due to vulnerabilities. &nbsp;
From NIST 800-57:&nbsp;
"One might expect that 3TDEA would provide 56×3 = 168 bits of strength. However, there is an attack on 3TDEA that
reduces the strength to the work that would be involved in exhausting a 112 bit key"&nbsp;

baalawi_242346 · Answer

This link will answer your question:&nbsp;
SOL17296: The BIG-IP system incorrectly reports a 192-bit key length for cipher suites using 3DES (DES-CBC3)&nbsp;
https://support.f5.com/kb/en-us/solutions/public/17000/200/sol17296.html&nbsp;

Forum Discussion

DES-CBC3-SHA listed as 192 bits but SSL Labs reports as 112 bit

3 Replies

Recent Discussions

import live updates from version x to version y

Tenant image upgrade

iRule editor partition button does not work

F5Access | MacOS Sonoma

Overwriting or adding LTM SSL Traffic cert and key using iControlREST

Related Content

Re: BigIP Report

BigIP Report Old

F5 402 Exam reading list and notes

Get started with F5 Distributed Cloud WAAP Scheduled Reports

Client SSL Profile Cipher...Disable DES-CBC3-SHA.