On Thursday, July 23, 2015 03:31:06 pm Aaron Zauner wrote:
> Fine with that. Now that I think about it again; I'm also fine with the
> original proposal. The thing is 'insufficient security' has a nicer ring
> to it than 'unsupported XYZ'.

It's wrong, though. If a server rejects a client connection because the server only supports RC4 and the client doesn't, the correct error for the server to return is "insufficient_security". If you invert the meaning, I guess the server has insufficient security, but it's not the same.

If we're ok with a complete change, then I'll just go with the "unsupported_X" format as there's already an "unsupported_certificate" and "unsupported_extension". I'll stick a commit for this into my ever-growing PR #201 in a bit.

Dave
