The remote Debian host is missing a security-related update.
Several local side channel attacks and a denial of service via large Diffie-Hellman parameters were discovered in OpenSSL, a Secure Sockets Layer toolkit.
Upgrade the openssl1.0 packages. For the stable distribution (stretch), these problems have been fixed in version 1.0.2q-1~deb9u1. Going forward, openssl1.0 security updates for stretch will be based on the 1.0.2x upstream releases.