Rapid7 VulnDB

TLS/SSL Server Supports 3DES Cipher Suite

Back to Search

TLS/SSL Server Supports 3DES Cipher Suite

Severity
1
CVSS
(AV:N/AC:H/Au:N/C:N/I:N/A:N)
Published
02/01/2009
Created
07/25/2018
Added
09/30/2015
Modified
11/27/2018

Description

Transport Layer Security (TLS) versions 1.0 (RFC 2246) and 1.1 (RFC 4346) include cipher suites based on the 3DES (Triple Data Encryption Standard) algorithm. Since 3DES only provides an effective security of 112 bits, it is considered close to end of life by some agencies. Consequently, the 3DES algorithm is not included in the specifications for TLS version 1.3. ECRYPT II (from 2012) recommends for generic application independent long-term protection at least 128 bits security. The same recommendation has also been reported by BSI Germany (from 2015) and ANSSI France (from 2014), 128 bit is the recommended symmetric size and should be mandatory after 2020. While NIST (from 2012) still considers 3DES being appropriate to use until the end of 2030.

Solution(s)

  • ssl-disable-3des-ciphers

References

  • ssl-disable-3des-ciphers

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;