Vulnerability QID 38657 - Birthday attacks against TLS ciphers with 64bit block size vulnerability (Sweet32) is listed as a confirmed vulnerability. However, it seems that the check is based solely on the supported cipher suites detected. One of the mitigations for this vulnerability is to implement a data size limit per unique session key. This mitigation would not be detected by the check logic and would lead to false positives. Should this check be potential instead?