[openssl-users] TLS Heartbeat

Rasool, Kaja Mohideen (Nokia - IN) kaja_mohideen.rasool at nokia.com
Mon Dec 12 04:53:23 UTC 2016

Yes. We're thinking of using TLS Heartbeats as cheaper KeepAlive option in idle connections.

-----Original Message-----
From: openssl-users [mailto:openssl-users-bounces at openssl.org] On Behalf Of Michael Wojcik
Sent: Monday, December 12, 2016 12:19 AM
To: openssl-users at openssl.org
Subject: Re: [openssl-users] TLS Heartbeat

> From: openssl-users [mailto:openssl-users-bounces at openssl.org] On Behalf Of Kyle Hamilton
> Sent: Sunday, December 11, 2016 02:29
> To: openssl-users
> Subject: Re: [openssl-users] TLS Heartbeat
> disable O_NAGLE on the socket?

Do you mean enable TCP_NODELAY? That's the standard (POSIX / SUSv3) option that disables the Nagle algorithm.

Using it is generally a sign of poorly-written software, created by someone who couldn't take the time to learn how TCP works. But then given the OP's description of the original problem, disabling the Nagle algorithm is likely not the most egregious design decision here. I'll echo Rich's sentiment: If you're using TLS heartbeat, You're Doing It Wrong.

Also, note that Nagle / Delayed ACK interaction should only delay transmission for up to 200ms. The OP didn't provide any actual useful information about what the "problem" is, so we don't know whether the heartbeats would have been transmitted after 200ms.

If they're not being transmitted for some other reason (e.g. receive window advertised as closed), then  disabling Nagle won't make any difference.

Michael Wojcik 
Distinguished Engineer, Micro Focus 

openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

More information about the openssl-users mailing list