Bill Frantz writes:
> We have always avoided the long form error messages in TLS
> because they can be of great help to attackers as well as
> debuggers. I think this objection is much weaker if we write the
> long form error messages into a log that is kept with other
> server logs.
I'd not
Eric Rescorla writes:
> I guess there might be some intermediate category 1.5 that's kind of in
> production so you don't want to print out complete logs, but you'd like
> more detail than you would probably want to expose in general, but my
> experience is that that's not super-common.
My expect
Colm MacCárthaigh writes:
> On the specific suggestion of having more granular error codes, I think
> this is a dangerous direction to take lightly; there's at least one
> instance where granular TLS alert messages have directly led to security
> issues by acting as oracles that aided the attacker
writes:
> As far as I can see, the original text is correct, which is easy to
> see if you look at the corresponding paragraph of RFC 4347 (DTLS 1.0):
>
> version
> The version of the protocol being employed. This document
> describes DTLS Version 1.0, which uses the version { 254,
