https://csrc.nist.gov/News/2017/Update-to-Current-Use-and-Deprecation-of-TDEA
In response, NIST plans to reduce the maximum amount of plaintext
allowed to be encrypted under a single TDEA 3-key bundle from 232 to 220
(64-bit) blocks. This will be announced in the upcoming draft of SP
800-67 Revision 2, and NIST will seek comments on this reduction in the
public review of that document.
In addition, NIST plans to disallow the algorithm for TLS, IPsec and
possibly other protocols. TLS is discussed in SP 800-52, Guidelines for
the Selection, Configuration, and Use of Transport Layer Security (TLS)
Implementations; draft revision 2 of SP 800-52 will be available for
public comment in the near future. IPsec will be discussed in a new
draft publication: SP 800-194, Cryptographic Recommendations for the
Internet Security Protocol (IPsec) and Internet Key Exchange (IKE),
which will also be available for public comment soon.
NIST urges all users of TDEA to migrate to AES as soon as possible.
Note that libreswan already removed 3DES from the default proposal set
for IKEv1, IKEv2 and IPsec, but still allows it to be configured
manually.
Paul
_______________________________________________
Swan mailing list
[email protected]
https://lists.libreswan.org/mailman/listinfo/swan
