
(How) Is it possible to tell openssl's s_client tool to use keying option 2 for 3DES (meaning use two different keys only, resulting in a key size of 112 bits; see Wikipedia)?

Currently the closest I got is

openssl s_client -connect example.com:443 -tls1 -cipher DES-CBC3-SHA \
    -debug -msg -state -status -CApath /.../cacerts/ </dev/null

But with that command keying option 1 (three different keys, 168 bit key length) is used.

Tools like http://ssllabs.com seem to be able to "simulate" for example IE8 on Win XP which seems to use 3DES with keying option 2...

scherand

1 Answer

You can't. The standard SSL/TLS protocols that use "3DES" use 24 bytes of key for keying option 1 (actually 168 bits key and 24 bits obsolete parity which is ignored). See 3DES_EDE_CBC in the table and subsequent legend in appendix C of the standard and entry for Data Encryption Standard in the glossary. OpenSSL implements the standard as it must to interoperate with other implementations.

What SSLLabs is saying is that 3DES with 168 bits key only provides 112 bits of strength due to a meet-in-the-middle attack (generic to any iterated cipher, not just 3DES). See
https://crypto.stackexchange.com/questions/6345/why-is-triple-des-using-three-different-keys-vulnerable-to-a-meet-in-the-middle(attack)
https://crypto.stackexchange.com/questions/14659/find-out-which-keying-option-is-being-used-in-triple-des
https://crypto.stackexchange.com/questions/16073/why-is-triple-des-not-vulnerable-to-meet-in-the-middle-attacks
and especially https://crypto.stackexchange.com/questions/22279/discrepancy-with-reported-key-size-for-ede-ciphers-in-qualys-ssl-labs which is the same question from the correct end.

dave_thompson_085
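The point of the answer can be checked locally with the openssl command line rather than against a server. The script below is an added example, not part of the question or answer above: it encrypts one fixed plaintext with OpenSSL's two-key cipher (des-ede-cbc, 16-byte key K1||K2) and with the three-key cipher used by the TLS 3DES suites (des-ede3-cbc, 24-byte key) fed K1||K2||K1, and shows the two ciphertexts are identical. The keys and plaintext are constructed sample values; the script assumes an openssl binary whose default provider offers the DES-EDE ciphers (OpenSSL 1.1 or 3.x), and it uses only POSIX sh, od and tr.

```shell
#!/bin/sh
# Added example (not from the original post): "keying option 2" is just
# the 24-byte 3DES key of keying option 1 with K3 = K1, so a TLS stack
# that always carries 24 key bytes can never "select" option 2 separately.
set -eu

# Constructed sample keys (hex), each byte with odd parity as DES expects.
# openssl enc does not check parity, but the values are valid DES keys.
K1=0123456789abcdef
K2=fedcba9876543210
K3=89abcdef01234567
IV=0000000000000000

# Encrypt a fixed 16-byte plaintext with the given cipher and raw hex key.
# -nosalt avoids the "Salted__" header and -nopad keeps the output at
# exactly the input length, so the two outputs are directly comparable.
encrypt_hex() {
    cipher=$1; key=$2
    printf 'sixteen byte txt' |
        openssl enc -"$cipher" -K "$key" -iv "$IV" -nosalt -nopad |
        od -An -tx1 | tr -d ' \n'
}

# Two-key 3DES: des-ede-cbc takes a 16-byte key (K1||K2) and reuses K1.
two_key_ct() { encrypt_hex des-ede-cbc "${K1}${K2}"; }

# Three-key 3DES as in TLS_RSA_WITH_3DES_EDE_CBC_SHA: 24-byte key.
# Supplying K1||K2||K1 reproduces keying option 2 inside keying option 1.
three_key_ct() { encrypt_hex des-ede3-cbc "${K1}${K2}${K1}"; }

# Three independent keys, for contrast: a different ciphertext.
three_key_distinct_ct() { encrypt_hex des-ede3-cbc "${K1}${K2}${K3}"; }

main() {
    a=$(two_key_ct); b=$(three_key_ct); c=$(three_key_distinct_ct)
    echo "two-key   (K1,K2)    : $a"
    echo "three-key (K1,K2,K1) : $b"
    echo "three-key (K1,K2,K3) : $c"
    [ "$a" = "$b" ] && echo "identical: option 2 is option 1 with K3 = K1"
}
main
```

Because the TLS key block always yields 24 key bytes for 3DES_EDE_CBC, the only way a peer ends up with "option 2" is if its key-derivation happens to produce K3 = K1, which a conforming implementation will not do; SSLLabs' 112-bit figure is a statement about the cipher's strength, not about which keying option the handshake used.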