SSL Resume With Different Cipher Issue
Info Nessus Plugin ID 58768
SynopsisThe remote host allows resuming SSL sessions with a different cipher than the one originally negotiated.
DescriptionThe SSL implementation on the remote host has been shown to allow a cipher other than the one originally negotiated when resuming a session. An attacker that sees (e.g. by sniffing) the start of an SSL connection may be able to manipulate session cache to cause subsequent resumptions of that session to use a cipher chosen by the attacker.