Andreas Walz <> writes:
>>>> Peter Gutmann <> 21.09.16 17.54 Uhr >>>
>> If you're writing a strict validating protocol parser then disconnecting in
>> this case is a valid response, but if it's software that will be used by
>> actual humans then failing a connect based on something like this makes no
>> sense.
>Wouldn't this argument apply to any "decode_error"?

Nope.  There's a big difference between "I can't continue" and "I can 
continue without any problems but don't want to".  The example I gave of
"Couldn't connect to Amazon because no suitable encryption was available"
would be the error message to display in the case of a decode error that
garbled the cipher suites, an "I can't continue" condition.  The current
thread starter was a case of "I can continue without any problems but don't
want to", which pretty much any user of the product will perceive as a buggy
product, meaning they'll drop it and switch to something that works.

TLS mailing list
