[openssl-users] TLS Heartbeat

Michael Wojcik Michael.Wojcik at microfocus.com
Sun Dec 11 18:48:32 UTC 2016


> From: openssl-users [mailto:openssl-users-bounces at openssl.org] On Behalf Of Kyle Hamilton
> Sent: Sunday, December 11, 2016 02:29
> To: openssl-users
> Subject: Re: [openssl-users] TLS Heartbeat
>
> disable O_NAGLE on the socket?

Do you mean enable TCP_NODELAY? That's the standard (POSIX / SUSv3) option that disables the Nagle algorithm.

Using it is generally a sign of poorly-written software, created by someone who couldn't take the time to learn how TCP works. But then given the OP's description of the original problem, disabling the Nagle algorithm is likely not the most egregious design decision here. I'll echo Rich's sentiment: If you're using TLS heartbeat, You're Doing It Wrong.

Also, note that Nagle / Delayed ACK interaction should only delay transmission for up to 200ms. The OP didn't provide any actual useful information about what the "problem" is, so we don't know whether the heartbeats would have been transmitted after 200ms.

If they're not being transmitted for some other reason (e.g. receive window advertised as closed), then  disabling Nagle won't make any difference.

Michael Wojcik 
Distinguished Engineer, Micro Focus 





More information about the openssl-users mailing list