[openssl-users] Disable SSL3 and enable TLS1? / Ambiguous "DES-CBC3-SHA"

Viktor Dukhovni openssl-users at dukhovni.org
Tue Apr 7 15:31:54 UTC 2015

On Tue, Apr 07, 2015 at 08:09:31AM -0700, David Rueter wrote:

> >> You're confusing SSLv3 the protocol, with SSLv3 ciphersuites.
> Yes, I admit I am not distinguishing between these.  However, !SSLv3  in the
> cipher list does evidently disable the SSLv3 protocol as well--as evidenced
> by testing with https://www.ssllabs.com/ssltest

When there are no SSLv3 ciphers left, the protocol is not offerred,
but this also disables TLSv1 and TLSv1.1 as they use the same set
of ciphers.

> From the symptoms, it sure seems like OpenSSL mistakenly uses the string
> "DES-CBC3-SHA" to refer to both TLS and SSL3 (see
> https://www.openssl.org/docs/apps/ciphers.html )

There is no mistake.  The same cipher-suite:

    DES-CBC3-SHA            SSLv3 Kx=RSA      Au=RSA  Enc=3DES(168) Mac=SHA1

applies to SSLv3, TLSv1, TLSv1.1 and TLSv1.2.

> intentional?  In other words, is the SSLv3 cipher
> SSL_RSA_WITH_3DES_EDE_CBC_SHA actually the same as the TLS cipher

Yes, they are one and the same (SSL 3.0, TLS 1.0, TLS 1.1, TLS 1.2):

    RFC 6101: CipherSuite SSL_RSA_WITH_3DES_EDE_CBC_SHA         = { 0x00,0x0A };
    RFC 2246: CipherSuite TLS_RSA_WITH_3DES_EDE_CBC_SHA         = { 0x00,0x0A };
    RFC 4346: CipherSuite TLS_RSA_WITH_3DES_EDE_CBC_SHA         = { 0x00,0x0A };
    RFC 5246: CipherSuite TLS_RSA_WITH_3DES_EDE_CBC_SHA         = { 0x00,0x0A };

As for:

    CipherSuite TLS_RSA_WITH_DES_CBC_SHA               = { 0x00,0x09 };

it is not triple DES, it is single-DES, and corresponds (RFC 6101) to:

    CipherSuite SSL_RSA_WITH_DES_CBC_SHA               = { 0x00,0x09 };

which OpenSSL calls:

    DES-CBC-SHA             SSLv3 Kx=RSA      Au=RSA  Enc=DES(56)   Mac=SHA1


More information about the openssl-users mailing list