Forum Discussion

HTTP500_195339

Nimbostratus

Apr 02, 2015

DES-CBC3-SHA listed as 192 bits but SSL Labs reports as 112 bit

In the table here under the BIG-IP 11.5.0 - 11.5.2 section it lists the DES-CBC3-SHA ciphers as 192 bits. However a SSL Labs scan will report the following: TLS_RSA_WITH_3DES_EDE_CBC_SHA (0...

11.5.1

ciphers

tls_rsa_with_3des_ede_cbc_sha

amolari

Cirrostratus

Apr 09, 2015

there was a thread about that here

It seems to be a "bug".. 192 comes from 3x64 (64 is the block size).

If in theory it's 168 bits key length, it has been degraded to 112 due to vulnerabilities.

From NIST 800-57:

"One might expect that 3TDEA would provide 56×3 = 168 bits of strength. However, there is an attack on 3TDEA that reduces the strength to the work that would be involved in exhausting a 112 bit key"

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

DES-CBC3-SHA listed as 192 bits but SSL Labs reports as 112 bit

AppWorld 2026: Save the Date and Join Our Community In Person!

Introducing the F5 AI Assistant for BIG-IP

Recent Discussions

Bash shell and ping command on F5 rseries

How to Apply Existing Attack Signaturue Set to an ASM Policy using iControl REST API

What is the recommended TCP Profile settings monitor settings for ISO 8583 traffic in F5 Big IP ?

connect to an icap server, but is it possible to route only specific services to the virtual server?

smtp port vs 25 and pool member 587

Related Content

F5 Threat Report - September 10th, 2025

F5 Threat Report - September 22nd, 2025

F5 Threat Report - September 17th, 2025

Re: BigIP Report

F5 Threat Report - October 1st, 2025

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS