dtls: Customize alert handling for DTLS over UDP

From RFC 6347:

4.1.2.7.  Handling Invalid Records

Unlike TLS, DTLS is resilient in the face of invalid records (e.g.,
invalid formatting, length, MAC, etc.).  In general, invalid
records SHOULD be silently discarded, thus preserving the
association; however, an error MAY be logged for diagnostic
purposes.  Implementations which choose to generate an alert
instead, MUST generate fatal level alerts to avoid attacks where
the attacker repeatedly probes the implementation to see how it
responds to various types of error.  Note that if DTLS is run over
UDP, then any implementation which does this will be extremely
susceptible to denial-of-service (DoS) attacks because UDP forgery
is so easy.  Thus, this practice is NOT RECOMMENDED for such
transports.

1 files changed, 2 insertions, 2 deletions

diff --git a/lib/ssl/src/ssl_alert.erl b/lib/ssl/src/ssl_alert.erl
index b923785e17..2749feb1eb 100644
--- a/lib/ssl/src/ssl_alert.erl
+++ b/lib/ssl/src/ssl_alert.erl
@@ -103,8 +103,8 @@ description_txt(?UNEXPECTED_MESSAGE) ->
     "Unexpected Message";
 description_txt(?BAD_RECORD_MAC) ->
     "Bad Record MAC";
-description_txt(?DECRYPTION_FAILED) ->
-    "Decryption Failed";
+description_txt(?DECRYPTION_FAILED_RESERVED) ->
+    "Decryption Failed Reserved";
 description_txt(?RECORD_OVERFLOW) ->
     "Record Overflow";
 description_txt(?DECOMPRESSION_FAILURE) ->