DTLS Heartbeat Removed in OpenSSL 1.1.1
Vijayakumar Kaliaperumal
vkaliape at gmail.com
Wed Jul 8 17:32:07 UTC 2020
Hi,
I am just following up with my earlier mail as I did not get an answer. I
now understand that the heartbeat mechanism is completely removed
in OpenSSL 1.1.1, whereas it's still available in gnuTLS. So I do not
understand why it was removed from OpenSSL
Having your own keepalive mechanism(at application level) the only way
forward ? I am still looking for some answers. Can someone throw some
light on it ?
Regards,
Vijay
On Tue, Jun 9, 2020 at 2:25 PM Vijayakumar Kaliaperumal <vkaliape at gmail.com>
wrote:
> Hello,
>
> From the release notes of OpenSSL 1.1.1, I could see that DTLS heartbeat
> has been removed
> .
> Heartbeat support has been removed; the ABI is changed for now.
>
> With RFC 6520 in standards track, any specific reason(Vulnerability/other
> security issue reported) for the removal ?, How can we re-enable it ?
> Recompile OpenSSL without OPENSSL_NO_HEARTBEATS macro ? Please advise.
>
> Regards,
> Vijay
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mta.openssl.org/pipermail/openssl-users/attachments/20200708/c1ae33ff/attachment-0001.html>
More information about the openssl-users
mailing list