[openssl-dev] frequency and size of heartbeat requests
Jitendra Lulla
lullajd at yahoo.com
Wed Dec 6 11:36:43 UTC 2017
thanks Hanno and Rich.
--------------------------------------------
On Tue, 12/5/17, Hanno Böck <hanno at hboeck.de> wrote:
Subject: Re: [openssl-dev] frequency and size of heartbeat requests
To: openssl-dev at openssl.org
Cc: "Jitendra Lulla" <lullajd at yahoo.com>
Date: Tuesday, December 5, 2017, 9:59 PM
On Tue, 5 Dec 2017 19:14:41 +0000
(UTC)
Jitendra Lulla via openssl-dev <openssl-dev at openssl.org>
wrote:
> Could the
solution be a restricted count of HB requests along with
a
> timer?
No, the solution is to disable TLS
heartbeats.
I actually wanted to bring this
up when I recently noticed that OpenSSL
still enables the heartbeat extension by
default in every clienthello
it sends.
In the whole Heartbleed
aftermath nobody was ever able to tell me where
TLS Heartbeats are used. It's a feature in
order to have a feature.
--
Hanno
Böck
https://hboeck.de/
mail/jabber: hanno at hboeck.de
GPG:
FE73757FA60E4E21B937579FA5880072BBB51E42
More information about the openssl-dev
mailing list