TLS_RSA_WITH_3DES_EDE_CBC_SHA reported as 112 bits

You should disable all triple DES ciphers because 192 bit triple DES keys only have about 112 bits of security and 128 bit triple DES keys have even less than 112 bit security, rather around 80 bits for the best attacks. Furthermore, triple DES only has an 64 bit block size, which is detrimental to security as well.

There is a difference between the key size in memory - including overhead like parity bits (192 bits), the bits used of the key (168 bits), the intended security of the key (112 bits) and the actual security given the attacks possible on the cipher (still 112 bits). The figures between parentheses are for triple DES keys (DES ABC). For double DES keys you will come to 128 bits / 112 bits / 112 bits and 80 bits.

AES 128 has an actual security of over 126 bits (128 bits encoded, 128 bits actual and 126 bits of security) it should be strongly preferred. It's also much faster than 3DES and is widely supported, so disabling 3DES altogether should be the preferred option - unless you are certain that clients will fail.

In general you should try and achieve a security of around 128 bits or over.


Notes:

  • the strength of the symmetric cipher used in TLS has nothing to do with the certificate used;
  • the 112 bits of security is because of a meet-in-the-middle attack which was already known when 3DES was designed, so 112 bit is the intended strength of three key 3DES.

Maarten's answer is excellent, but to expand on it a bit, you may want to read up on Meet-in-the-Middle attacks. The idea is, when you have a cryptographic cipher that consists of performing the same operation with two different keys in opposite directions, you can effectively search the key space from both directions at once, storing results (requires enough space to store every possible key value) and looking for matches. This greatly reduces the search time (at the cost of hugely increasing the amount of memory space needed to perform the search).

Both forms of 3DES - ABA and ABC - use this "one key goes one direction, another key goes the other direction" approach. The third pass provides some protection, even when just using the first key over again (ABA mode); without the third pass, an attacker with a lookup table of size 2^56 can break "double-DES" in 2^57 operations (worst-case, each possible key both directions), which is only twice as many operations as breaking single-DES (now possible in about a day of work for dedicated hardware). However, this ABA scheme has been found to be weaker than originally expected. ABC mode, to the best of our knowledge, preserves the effective full strength of twice a DES key (even though it requires three DES keys).

It's also worth noting that 112 bits, or even 80 bits, are still very large search spaces (and 56 bits is a hell of a lot of memory; you'd need thousands of today's hard disks to hold it). While it's definitely a good idea to move to ciphers with a minimum effective strength of 128 bits, especially for anything that you want to keep safe in the long term, there are very few if any* entities in the world today (maybe the NSA and its ilk) that can break an 80-bit cipher in a reasonable time, and none* that can break 112 bit ciphers (which are about 4 billion times as difficult).

*To the best of our knowledge, at least...