[openssl-users] 2-key vs 3-key 3DES

Nounou Dadoun nounou.dadoun at avigilon.com
Fri Feb 12 00:53:11 UTC 2016

I've just been reading about recommended and deprecated encryption and tripped over a nist document (http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-131Ar1.pdf) that distinguishes between 2key and 3key 3DES saying that the former is deprecated after 2015 but the latter is still acceptable.

Is this distinguishable in openssl?  I.e. if we negotiate TLS_RSA_WITH_3DES_EDE_CBC_SHA does it always use the 3-key version?

(I'm experimenting running NeXpose against an embedded device to look for security holes and it complained about DES (we only use 3DES) and CBC - odd!)

Thanks ... N

Nou Dadoun
Senior Firmware Developer, Security Specialist

Office: 604.629.5182 ext 2632 
Support: 888.281.5182  |  avigilon.com
Follow Twitter  |  Follow LinkedIn

This email, including any files attached hereto (the "email"), contains privileged and confidential information and is only for the intended addressee(s). If this email has been sent to you in error, such sending does not constitute waiver of privilege and we request that you kindly delete the email and notify the sender. Any unauthorized use or disclosure of this email is prohibited. Avigilon and certain other trade names used herein are the registered and/or unregistered trademarks of Avigilon Corporation and/or its affiliates in Canada and other jurisdictions worldwide.

More information about the openssl-users mailing list