|Applies To||RSA Certificate Manager 6.8|
RSA Certificate Manager (RCM)
RSA Registration Manager 6.8
RSA Registration Manager (RRM)
RSA Validation Manager (RVM)
RSA Validation Manager 3.1
Microsoft Windows Server 2003 SP2
|Issue||Scan shows that the version of OpenSSL on the remote host has been shown to allow the use of disabled ciphers|
The version of OpenSSL on the remote host has been shown to allow the use of disabled ciphers when resuming a session. This means that an attacker who sees (e.g., by sniffing) the start of an SSL connection can manipulate the OpenSSL session cache so that subsequent resumptions of that session use a disabled cipher chosen by the attacker.
This is not applicable to RCM and RVM.
|Legacy Article ID||a55884|