[openssl-dev] [openssl.org #3647] Remove Heartbeat Extension entirely

Aaron Zauner via RT rt at openssl.org
Fri Jan 9 07:29:06 UTC 2015


Hi,

It seems the DTLS heartbeat extension is still supported in current
OpenSSL versions (at least that's my impression while playing around
with `s_server` with verbose debug logging).

I've talked extensively to cryptographers and implementors about this
extension; I'm not aware of a single use case of DTLS heartbeats. WebRTC
applications are probably not going to rely on DTLS to manage /something
like/ heartbeats but will manage that on an application level. As far as
I know, most WebRTC clients do exactly that.

Going through your RT I could not find an appropriate bug filed for the
removal of this -- rather unnecessary -- extension (I'm sure there has
been discussion previously, but opening a bug seems reasonable). Please
correct me if I'm wrong.

Since the feature is in there, it might make more sense to have a
compile-time option to _enable_ DTLS heartbeats rather than to disable
them (which a lot of hosting companies and CDNs do right now).

Thanks for your consideration and time,
Aaron

