DTLS Heartbeat Removed in OpenSSL 1.1.1

Vijayakumar Kaliaperumal vkaliape at gmail.com
Wed Jul 8 17:32:07 UTC 2020


I am just following up with my earlier mail as I did not get an answer.   I
now understand that the heartbeat mechanism is completely removed
in OpenSSL 1.1.1,  whereas it's still available in gnuTLS.   So I do not
understand why it was removed from OpenSSL
Having your own keepalive mechanism(at application level) the only way
forward ?  I am still looking for some answers.    Can someone throw some
light on it ?


On Tue, Jun 9, 2020 at 2:25 PM Vijayakumar Kaliaperumal <vkaliape at gmail.com>

> Hello,
> From the release notes of OpenSSL 1.1.1, I could see that DTLS heartbeat
> has been removed
> .
> Heartbeat support has been removed; the ABI is changed for now.
> With  RFC 6520 in standards track, any specific reason(Vulnerability/other
> security issue reported) for the removal ?,   How can we re-enable it ?
> Recompile OpenSSL without OPENSSL_NO_HEARTBEATS macro ?   Please advise.
> Regards,
> Vijay
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mta.openssl.org/pipermail/openssl-users/attachments/20200708/c1ae33ff/attachment-0001.html>

More information about the openssl-users mailing list