[Bro] SSL_SessConIncon

Sean McCreary mccreary at ucar.edu
Wed May 6 11:36:02 PDT 2009

Since upgrading to Robin's latest cluster policy scripts I'm seeing a
lot of alarms for SSL_SessConIncon notices.  ssl.bro raises this notice
when a current SSL connection does not match either the version or
cipher of a previous matching connection, and bro has inferred that the
SSL connection was cached and reused.  Is this a known bug in ssl.bro?

FWIW, it only happens with one very busy server on our network, and for
both simap and https connections.  I can gather more information if we
need to debug the problem.
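The check described in the message above, as an added example that is not part of the original post and is not ssl.bro's own code. It is a simplified Python model that assumes sessions are keyed by server address plus session ID and that reuse is inferred when a ServerHello carries a session ID seen before; all names and sample events are constructed.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class ServerHello:
    server: str      # responder address (constructed sample values below)
    session_id: str  # hex session ID echoed by the server; "" means none
    version: str
    cipher: str


class SessionTracker:
    """Remembers version/cipher per (server, session ID) and flags disagreement."""

    def __init__(self):
        self._cache = {}

    def observe(self, hello):
        """Return the fields that differ from the cached session, or []."""
        if not hello.session_id:
            return []  # no session ID, so nothing can be resumed
        key = (hello.server, hello.session_id)
        prev = self._cache.get(key)
        if prev is None:
            # First sighting: treat as a full handshake and cache its parameters.
            self._cache[key] = (hello.version, hello.cipher)
            return []
        # Session ID seen before: inferred reuse, parameters should be identical.
        mismatches = []
        if prev[0] != hello.version:
            mismatches.append("version")
        if prev[1] != hello.cipher:
            mismatches.append("cipher")
        return mismatches


def run(events):
    """Feed events in order; return (index, server, session_id, fields) per notice."""
    tracker = SessionTracker()
    notices = []
    for i, hello in enumerate(events):
        bad = tracker.observe(hello)
        if bad:
            notices.append((i, hello.server, hello.session_id, bad))
    return notices


# Constructed sample traffic, not taken from any real capture.
SAMPLE = [
    ServerHello("192.0.2.10", "a1b2", "TLSv10", "TLS_RSA_WITH_AES_128_CBC_SHA"),
    ServerHello("192.0.2.10", "a1b2", "TLSv10", "TLS_RSA_WITH_AES_128_CBC_SHA"),
    ServerHello("192.0.2.10", "a1b2", "TLSv10", "TLS_RSA_WITH_RC4_128_SHA"),
    ServerHello("192.0.2.20", "a1b2", "SSLv3", "TLS_RSA_WITH_RC4_128_SHA"),
    ServerHello("192.0.2.10", "", "SSLv3", "TLS_RSA_WITH_RC4_128_SHA"),
]
```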
