Thread: Interpreting SSLScan results

  1. #1
    Join Date
    2014-May
    Posts
    4

    Interpreting SSLScan results

    I'm on Kali 2.0 and I have SSLScan 1.10.5-static on OpenSSL 1.0.2e-dev.

    I conducted a scan on a host and I got the following as part of the results:
    Code:
    Accepted  TLSv1.2  256 bits  AES256-SHA256                
    Accepted  TLSv1.2  256 bits  AES256-SHA                   
    Accepted  TLSv1.2  128 bits  ECDHE-RSA-AES128-GCM-SHA256   Curve P-256 DHE 256
    Accepted  TLSv1.2  128 bits  ECDHE-RSA-AES128-SHA256       Curve P-256 DHE 256
    Accepted  TLSv1.2  128 bits  ECDHE-RSA-AES128-SHA          Curve P-256 DHE 256
    Accepted  TLSv1.2  128 bits  DHE-RSA-AES128-GCM-SHA256     DHE 2048 bits
    Accepted  TLSv1.2  128 bits  DHE-RSA-AES128-SHA256         DHE 2048 bits
    Accepted  TLSv1.2  128 bits  DHE-RSA-AES128-SHA            DHE 2048 bits
    Accepted  TLSv1.2  128 bits  AES128-GCM-SHA256            
    Accepted  TLSv1.2  128 bits  AES128-SHA256                
    Accepted  TLSv1.2  128 bits  AES128-SHA                   
    Accepted  TLSv1.2  112 bits  ECDHE-RSA-DES-CBC3-SHA        Curve P-256 DHE 256
    Accepted  TLSv1.2  112 bits  EDH-RSA-DES-CBC3-SHA          DHE 2048 bits
    Accepted  TLSv1.2  112 bits  DES-CBC3-SHA     


    The ones in bold I do not understand. It seems to say that DES is supported, even though it is 112 bits. Is this DES3? And regarding the simple SHA: does that mean it is SHA1? And is it considered weak?

    Or is SSLScan generating false positives?

  2. #2
    Join Date
    2013-Apr
    Location
    Kali forums
    Posts
    805
    I'd verify the SSLScan results against your target. Can't say I've come across the DES-CBC3-SHA output before, though.

  3. #3
    Join Date
    2014-May
    Posts
    4
    Quote: Originally posted by grid
    I'd verify the SSLScan results against your target. Can't say I've come across the DES-CBC3-SHA output before, though.

    I think it means triple-DES, but I thought someone could confirm that?

  4. #4
    Join Date
    2013-Apr
    Location
    Kali forums
    Posts
    805
    That could be right, but I can't say for sure. You could poke through the SSLScan source, and see what's going on there; might give you some clues/confirmation.
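
Added example, not part of the original thread and not SSLScan's own code: a small Python decoder for the OpenSSL-style suite names in the scan output from post #1. In OpenSSL's naming, DES-CBC3 is triple DES in CBC mode (reported at 112 effective bits) and a bare SHA suffix is SHA-1; the function names and sample lines are constructed for this example, and only the suite families seen in the thread are handled.

```python
import re

# Constructed sample in the format shown in post #1 (not a real scan).
SAMPLE = """\
Accepted  TLSv1.2  128 bits  ECDHE-RSA-AES128-GCM-SHA256   Curve P-256 DHE 256
Accepted  TLSv1.2  128 bits  AES128-SHA
Accepted  TLSv1.2  112 bits  EDH-RSA-DES-CBC3-SHA          DHE 2048 bits
Accepted  TLSv1.2  112 bits  DES-CBC3-SHA
"""

ROW = re.compile(r"^\s*(?:Accepted|Preferred)\s+(\S+)\s+(\d+) bits\s+(\S+)")
KEY_EXCHANGE = {"ECDHE": "ECDHE", "DHE": "DHE", "EDH": "DHE"}  # EDH: older spelling of DHE
HASHES = {"SHA": "SHA-1", "SHA256": "SHA-256", "SHA384": "SHA-384", "MD5": "MD5"}


def decode_suite(name):
    """Split an OpenSSL-style TLS 1.2 suite name into key exchange, cipher and MAC."""
    parts = name.split("-")
    kx = KEY_EXCHANGE.get(parts[0], "RSA")    # no prefix means RSA key transport
    if parts[0] in KEY_EXCHANGE:
        parts = parts[1:]
    if parts[0] in ("RSA", "ECDSA", "DSS"):   # authentication token, when present
        parts = parts[1:]
    digest = HASHES.get(parts[-1], parts[-1])
    body = "-".join(parts[:-1])
    if body == "DES-CBC3":
        cipher = "3DES-EDE-CBC"               # triple DES, not single DES
    elif body.startswith("AES") and not body.endswith("GCM"):
        cipher = body + "-CBC"                # CBC is implicit in these AES names
    else:
        cipher = body
    # In GCM suites the trailing hash is the PRF hash, not a record MAC.
    mac = "AEAD" if cipher.endswith("GCM") else "HMAC-" + digest
    return {"kx": kx, "cipher": cipher, "mac": mac}


def parse_scan(text):
    """Return one decoded record per accepted-cipher row of sslscan output."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            rows.append({"proto": m.group(1), "bits": int(m.group(2)),
                         "suite": m.group(3), **decode_suite(m.group(3))})
    return rows


if __name__ == "__main__":
    for r in parse_scan(SAMPLE):
        print(f'{r["suite"]:30} kx={r["kx"]:6} cipher={r["cipher"]:13} mac={r["mac"]}')
```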
