[openssl-dev] [openssl.org #3908] Patch fixing some heartbeat issues (vs latest git master)

Michael Tuexen Michael.Tuexen at lurchi.franken.de
Mon Jun 15 10:42:16 UTC 2015


> On 15 Jun 2015, at 10:35, Matt Caswell <matt at openssl.org> wrote:
> 
> On 13/06/15 14:43, Hanno Böck wrote:
>> Serious question: Is there any valid use case for heartbeats in TLS
>> or DTLS? (With valid use case I mean something like "I use it for
>> this system", not answers like "you could use it for xy")
> 
> I had always understood the argument in favour of heartbeat for DTLS
> to be:
> 1) PMTU discovery
> 2) Keep-alive functionality
> 
> I've never heard a good argument for TLS (PMTU is irrelevant for TLS,
> and TCP provides keep-alive).
TCP provides keep-alives, but at a timescale which is not acceptable
for all applications. The default to start sending them is an idle
time of 2 hours. So applications will need to send their own in
some cases, but they can be application messages.

Best regards
Michael
> 
> Matt