diff --git a/tls/exceptions.py b/tls/exceptions.py
index 831c93e..3037b96 100644
--- a/tls/exceptions.py
+++ b/tls/exceptions.py
@@ -5,16 +5,21 @@
 from __future__ import absolute_import, division, print_function
 
 
-class UnsupportedCipherException(Exception):
+class TLSException(Exception):
+    """
+    This is the root exception from which all other exceptions inherit.
+    Lower-level parsing code raises very specific exceptions that higher-level
+    code can catch with this exception.
+    """
+
+
+class UnsupportedCipherException(TLSException):
     pass
 
 
-class UnsupportedExtensionException(Exception):
+class UnsupportedExtensionException(TLSException):
     pass
 
 
-class InvalidPaddingException(Exception):
-    # XXX: Is leaking this info in CertificateURL (i.e. revealing the specific
-    # byte that is invalid) a good idea? Need to check -- could be a
-    # vulnerability in disguise.
+class InvalidPaddingException(TLSException):
     pass