A spoofing vulnerability exists when Transport Layer Security (TLS) accesses non- Extended Master Secret (EMS) sessions. An attacker who successfully exploited this vulnerability may gain access to unauthorized information.To exploit the vulnerability, an attacker would have to conduct a man-in-the-middle attack.The update addresses the vulnerability by correcting how TLS client and server establish and resume sessions with non-EMS peers.