SynopsisThe remote host allows resuming SSL sessions with a different cipher than the one originally negotiated.
DescriptionThe SSL implementation on the remote host has been shown to allow a cipher other than the one originally negotiated when resuming a session. An attacker that sees (e.g. by sniffing) the start of an SSL connection may be able to manipulate session cache to cause subsequent resumptions of that session to use a cipher chosen by the attacker.
File Name: ssl_resume_different_cipher.nasl
Required KB Items: SSL/Resume/Different