OpenSSL before 0.9.8q and 1.0.x before 1.0.0c, when SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG is enabled, does not properly prevent modification of the ciphersuite in the session cache. This allows remote attackers to force a downgrade to an unintended cipher via vectors involving sniffing network traffic to discover a session identifier.
cvs.openssl.org/chngview?cn=20131
h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02794777
lists.apple.com/archives/security-announce/2011//Jun/msg00000.html
lists.fedoraproject.org/pipermail/package-announce/2010-December/052027.html
lists.fedoraproject.org/pipermail/package-announce/2010-December/052315.html
lists.opensuse.org/opensuse-security-announce/2011-01/msg00003.html
lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html
lists.opensuse.org/opensuse-security-announce/2011-07/msg00013.html
lists.opensuse.org/opensuse-security-announce/2011-07/msg00014.html
marc.info/?l=bugtraq&m=129916880600544&w=2
marc.info/?l=bugtraq&m=130497251507577&w=2
marc.info/?l=bugtraq&m=132077688910227&w=2
openssl.org/news/secadv_20101202.txt
osvdb.org/69565
secunia.com/advisories/42469
secunia.com/advisories/42473
secunia.com/advisories/42493
secunia.com/advisories/42571
secunia.com/advisories/42620
secunia.com/advisories/42811
secunia.com/advisories/42877
secunia.com/advisories/43169
secunia.com/advisories/43170
secunia.com/advisories/43171
secunia.com/advisories/43172
secunia.com/advisories/43173
secunia.com/advisories/44269
slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.668471
support.apple.com/kb/HT4723
ubuntu.com/usn/usn-1029-1
www.debian.org/security/2011/dsa-2141
www.kb.cert.org/vuls/id/737740
www.mandriva.com/security/advisories?name=MDVSA-2010:248
www.redhat.com/support/errata/RHSA-2010-0977.html
www.redhat.com/support/errata/RHSA-2010-0978.html
www.redhat.com/support/errata/RHSA-2010-0979.html
www.redhat.com/support/errata/RHSA-2011-0896.html
www.securityfocus.com/archive/1/522176
www.securityfocus.com/bid/45164
www.securitytracker.com/id?1024822
www.vupen.com/english/advisories/2010/3120
www.vupen.com/english/advisories/2010/3122
www.vupen.com/english/advisories/2010/3134
www.vupen.com/english/advisories/2010/3188
www.vupen.com/english/advisories/2011/0032
www.vupen.com/english/advisories/2011/0076
www.vupen.com/english/advisories/2011/0268
bugzilla.redhat.com/show_bug.cgi?id=659462
kb.bluecoat.com/index?page=content&id=SA53&actp=LIST
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18910