[openssl-dev] frequency and size of heartbeat requests
Short, Todd
tshort at akamai.com
Tue Dec 12 18:41:56 UTC 2017
In the particular application where I used both TLS and DTLS, application-layer heartbeats were used, and it gave the app visibility into the connection status.
I agree, TLS/DTLS Heartbeats aren’t very useful.
--
-Todd Short
// tshort at akamai.com<mailto:tshort at akamai.com>
// "One if by land, two if by sea, three if by the Internet."
On Dec 5, 2017, at 2:21 PM, Salz, Rich via openssl-dev <openssl-dev at openssl.org<mailto:openssl-dev at openssl.org>> wrote:
The purpose of the HEARTBEAT message is for DTLS applications to determine the maximum packet size and tune the application records accordingly. There is never any reason to use this in TCP-based TLS; that was an OpenSSL bug that enabled it there.
The usefulness of HEARTBEAT even in DTLS is probably pretty small and it is probably safer to just turn it off. Spending time and code to “protect it” is probably not worth the effort.
--
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-dev/attachments/20171212/2cd70c16/attachment-0001.html>
More information about the openssl-dev
mailing list