The remote host is missing an update to openssl, openssl097 announced via advisory DSA 1701-1.

https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201701-1

It was discovered that OpenSSL does not properly verify DSA signatures on X.509 certificates due to an API misuse, potentially leading to the acceptance of incorrect X.509 certificates as genuine (CVE-2008-5077). For the stable distribution (etch), this problem has been fixed in version 0.9.8c-4etch4 of the openssl package, and version 0.9.7k-3.1etch2 of the openssl097 package. For the unstable distribution (sid), this problem has been fixed in version 0.9.8g-15. The testing distribution (lenny) will be fixed soon. We recommend that you upgrade your OpenSSL packages.