MS KB3109853: Update to Improve TLS Session Resumption Interoperability

info Nessus Plugin ID 87876

Synopsis

The remote Windows host is missing an update to the TLS implementation in SChannel.

Description

The remote Windows host is missing an update to the Transport Layer Security (TLS) protocol implementation in SChannel. The update improves the interoperability between Schannel-based TLS clients and 3rd-party TLS servers that enable RFC5077-based resumption and that send the NewSessionTicket message in the abbreviated TLS handshake.
This update also addresses an issue in schannel.dll that could cause an RFC5077 session ticket-based resumption to fail, subsequently causing WinInet-based clients to perform a fallback to a lower TLS protocol version than what would have been otherwise negotiated.

Solution

Microsoft has released a set of patches for Windows 8, RT, 2012, 8.1, RT 8.1, 2012 R2, and 10.

See Also

https://docs.microsoft.com/en-us/security-updates/SecurityAdvisories/2016/3109853

Plugin Details

Severity: Info

ID: 87876

File Name: smb_kb3109853.nasl

Version: 1.3

Type: local

Agent: windows

Family: Windows

Published: 1/12/2016

Updated: 11/15/2018

Supported Sensors: Nessus Agent, Nessus

Vulnerability Information

CPE: cpe:/o:microsoft:windows

Required KB Items: SMB/Registry/Enumerated, SMB/WindowsVersion

Patch Publication Date: 1/12/2016

Vulnerability Publication Date: 1/12/2016

Reference Information

MSKB: 3109853