Bill Frantz <frantz@xxxxxxxxxxxxxx> writes: >We have always avoided the long form error messages in TLS because they can >be of great help to attackers as well as debuggers. That's why I said it was a debug-only capability, not an always-enabled on-by- default capability. >I think this objection is much weaker if we write the long form error >messages into a log that is kept with other server logs. That's the worst-case debugging scenario I mentioned where you need to contact the server admin on every test run to see what went wrong. What you've described is the (broken) status quo that people in this thread are trying to fix. Peter.
