After PR #625 all alerts are required to be sent with fatal AlertLevel except 
for close_notify, end_of_early_data, and user_canceled. Since those three 
alerts all have separate specified behavior, the AlertLevel field is not 
serving much purpose, other than providing potential for misuse. We (Facebook) 
currently receive a number of alerts at incorrect levels from clients 
(internal_error warning alerts, etc.). I propose deprecating this field to 
simplify implementations and require that any misuse be ignored.


TLS mailing list

Reply via email to