After PR #625 all alerts are required to be sent with fatal AlertLevel except
for close_notify, end_of_early_data, and user_canceled. Since those three
alerts all have separate specified behavior, the AlertLevel field is not
serving much purpose, other than providing potential for misuse. We (Facebook)
currently receive a number of alerts at incorrect levels from clients
(internal_error warning alerts, etc.). I propose deprecating this field to
simplify implementations and require that any misuse be ignored.
TLS mailing list