The remote Debian host is missing a security-related update.
Several vulnerabilities were discovered in cURL, an URL transfer library : - CVE-2016-5419 Bru Rom discovered that libcurl would attempt to resume a TLS session even if the client certificate had changed. - CVE-2016-5420 It was discovered that libcurl did not consider client certificates when reusing TLS connections. - CVE-2016-5421 Marcelo Echeverria and Fernando Munoz discovered that libcurl was vulnerable to a use-after-free flaw.
Upgrade the curl packages. For the stable distribution (jessie), these problems have been fixed in version 7.38.0-4+deb8u4.