2-key vs 3-key 3DES

> I've just been reading about recommended and deprecated encryption and tripped over a NIST document (http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-131Ar1.pdf) that distinguishes between 2key and 3key 3DES saying that the former is deprecated after 2015 but the latter is still acceptable.
>
2-key 3DES provides about 80 bits of security, while 3-key 3DES
provides about 112 bits.

> Is this distinguishable in openssl?  I.e. if we negotiate TLS_RSA_WITH_3DES_EDE_CBC_SHA does it always use the 3-key version?
>

TLS cipher suites, like TLS_RSA_WITH_3DES_EDE_CBC_SHA, use the 3-key
version. Also see RFC 5246, https://tools.ietf.org/html/rfc5246, and
the discussion of "Data Encryption Standard" on page 79:

      DES can also be operated in a mode [3DES] where
      three independent keys and three encryptions are
      used for each block of data; this uses 168 bits of key
      (24 bytes in the TLS key generation method) and
      provides the equivalent of 112 bits of security.

Jeff
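
Added example, not part of the original message: a Python check that classifies raw 3DES key material as 3-key, 2-key, or collapsed to single DES, using the strength figures quoted in the reply. The function names and sample keys are constructed for illustration, and the 56-bit figure for the collapsed case is the DES key size, not a number from this thread.

```python
from __future__ import annotations

DES_KEY_LEN = 8  # bytes per DES subkey; 3 x 8 = the 24 bytes TLS generates


def _effective(subkey: bytes) -> bytes:
    # DES ignores the low (parity) bit of every key byte, so two subkeys
    # that differ only in parity bits are the same key to the cipher.
    return bytes(b & 0xFE for b in subkey)


def classify_3des_key(key: bytes) -> tuple[str, int]:
    """Return (keying description, approximate security bits)."""
    if len(key) == 2 * DES_KEY_LEN:
        # 16-byte material is 2-key 3DES: K3 is a copy of K1.
        k1, k2 = key[:8], key[8:]
        k3 = k1
    elif len(key) == 3 * DES_KEY_LEN:
        k1, k2, k3 = key[:8], key[8:16], key[16:]
    else:
        raise ValueError("3DES key material must be 16 or 24 bytes")

    e1, e2, e3 = _effective(k1), _effective(k2), _effective(k3)

    # EDE computes E_K3(D_K2(E_K1(x))). If K1 == K2 or K2 == K3 the inner
    # pair cancels and only one DES encryption is left.
    if e1 == e2 or e2 == e3:
        return ("single DES (degenerate)", 56)
    if e1 == e3:
        return ("2-key 3DES", 80)
    return ("3-key 3DES", 112)


# Constructed sample subkeys, for illustration only.
K1 = bytes(range(0x01, 0x09))
K2 = bytes(range(0x09, 0x11))
K3 = bytes(range(0x11, 0x19))
K1_PARITY_FLIPPED = bytes(b ^ 0x01 for b in K1)  # same key as K1 to DES

if __name__ == "__main__":
    samples = {
        "K1|K2|K3": K1 + K2 + K3,
        "K1|K2|K1": K1 + K2 + K1,
        "K1|K2|K1 (parity flipped)": K1 + K2 + K1_PARITY_FLIPPED,
        "K1|K2 (16 bytes)": K1 + K2,
        "K1|K1|K3": K1 + K1 + K3,
    }
    for label, key in samples.items():
        print(label, "->", classify_3des_key(key))
```

A 24-byte key is therefore not proof of 3-key strength on its own; the third sample is 24 bytes long but is still 2-key 3DES.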

