TLS_RSA_WITH_3DES_EDE_CBC_SHA
TLS 1.0, TLS 1.1, TLS 1.2 | CRITICALLY WEAK Not Recommended
Cipher Suite Details
TLS_RSA_WITH_3DES_EDE_CBC_SHA0x000A10What is TLS_RSA_WITH_3DES_EDE_CBC_SHA?
TLS_RSA_WITH_3DES_EDE_CBC_SHA is an extremely weak cipher suite using Triple DES encryption, which provides only 112-bit security due to meet-in-the-middle attacks. Combined with static RSA (no forward secrecy) and SHA-1 HMAC (broken), this is one of the worst cipher suites still supported by some legacy systems. 3DES is also extremely slow (10x slower than AES). The Sweet32 attack (2016) demonstrated practical exploits against 3DES in TLS. This cipher suite is completely deprecated and disabled in all modern browsers. It should never be used under any circumstances.
Role in JA3 Fingerprinting
The TLS_RSA_WITH_3DES_EDE_CBC_SHA cipher suite is part of the TLS Client Hello that JA3 analyzes. Cipher suite order and selection are key indicators of browser type and version.
JA3 Format: TLS_VERSION,CIPHERS,EXTENSIONS,CURVES,POINT_FORMATS
Different browsers prioritize different cipher suites (Chrome prefers ChaCha20 on mobile, Firefox prioritizes AES-GCM, etc.), making cipher suite ordering a reliable fingerprint.
Test Your Cipher Suites
See which cipher suites your browser advertises, including TLS_RSA_WITH_3DES_EDE_CBC_SHA.