On 12/2/16 12:16 PM, Wietse Venema wrote:
With 'no shared ciphers' happening frequently, do we want to set up a TLS troubleshooting document, or is the decision tree too complex for such a document to be useful?
Considering how often the question is asked, probably.
However, I think the error message in the logs is partly to blame since it will come up in a grep search for 'error'. (Yes, people should grep for "error:" but they don't.)
Instead of "Protocol error;" I'd suggest maybe "no protocol match;" or similar wording that doesn't include 'error'.