> From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of
> Vijayakumar Kaliaperumal
> Sent: Wednesday, July 08, 2020 11:32
> I now understand that the heartbeat mechanism is completely removed in OpenSSL
> 1.1.1, whereas it's still available in gnuTLS.

gnuTLS would not be my personal choice of exemplar. "gnuTLS does it" often
seems to be a better argument against something than for it.

> So I do not understand why it was removed from OpenSSL

Well, PR 1928 (https://github.com/openssl/openssl/pull/1928), which removed it,
doesn't have a lot of discussion. Richard Levitte created the changes and the
request, and Tim Hudson approved them; there's not much else, aside from some
comments regarding deprecating the Configure option (which I believe was done).
The PR does mention Issue 4856
(https://github.com/openssl/openssl/issues/4856), in which Hanno Boeck cites
Heartbleed and claims "there don't seem to be any real world use cases".

I'm not convinced that there aren't *any* real-world use cases. Your message
suggests you have one, and Seggelmann et al. presumably had one when they wrote
RFC 6520 and Seggelmann submitted the code change for OpenSSL. RFC 6520 notes
that Heartbeat can be used for PMTU discovery for DTLS, besides its nominal
"are you still there?" function. And keepalives are used in a number of
protocols, both to keep a path active (though that was more relevant when
virtual-circuit-switching and on-demand physical links were more common) and to
periodically test a path to ensure the peer was still reachable and responding.

However, Hanno Boeck knows as much about real-world TLS and DTLS usage as
anyone I can think of, and Heartbeat is widely viewed as over-engineered and
unnecessarily complex, which is why we had Heartbleed in the first place. None
of the products I currently work on use DTLS, but if they did, I wouldn't be
sorry to see Heartbeat go.

> Is having your own keepalive mechanism (at application level) the only way
> forward?

If you're using OpenSSL, then I'd say it's either implement one in the
application, or create an intermediate library that adds a keepalive mechanism
on top of OpenSSL's DTLS support, or hack Heartbeat back into OpenSSL. I
definitely would not recommend the third. The first lets you tailor the
keepalive to the application's architecture and needs; the second lets you
reuse the implementation.

--
Michael Wojcik
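The first option the reply recommends, a keepalive implemented in the application above OpenSSL's DTLS support, as an added example that is not from this thread and not OpenSSL code: a small C state machine driven from the application's timer, plus an encoder and a length-checked decoder for the ping/pong frames it sends as ordinary application data. The frame format, the `ka_` names, the timing values and the sample frames are all constructed for this example. The decoder compares the payload length claimed in the header with the bytes that actually arrived before it reads or echoes anything; that is the check whose absence was Heartbleed.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical application-level keepalive for a DTLS session (not OpenSSL
 * code). The DTLS layer is assumed to deliver whole datagrams; these frames
 * travel inside them as application data. Wire format (constructed for this
 * example): 1 byte type, 2 bytes big-endian payload length, payload. */
#define KA_PING 1
#define KA_PONG 2
#define KA_HDR_LEN 3
#define KA_MAX_PAYLOAD 64   /* room for a sequence number or timestamp */

typedef enum { KA_IDLE, KA_SEND_PING, KA_PEER_DEAD } ka_action_t;

typedef struct {
    uint64_t last_rx_ms;    /* last time anything arrived from the peer */
    uint64_t last_ping_ms;  /* when the outstanding ping was sent */
    uint32_t interval_ms;   /* idle time before the first probe */
    uint32_t timeout_ms;    /* reply wait before a probe counts as missed */
    unsigned missed;        /* consecutive unanswered probes */
    unsigned max_missed;    /* probes lost before the peer is declared dead */
    int ping_outstanding;
} keepalive_t;

void ka_init(keepalive_t *ka, uint64_t now_ms, uint32_t interval_ms,
             uint32_t timeout_ms, unsigned max_missed)
{
    memset(ka, 0, sizeof *ka);
    ka->last_rx_ms = now_ms;
    ka->interval_ms = interval_ms;
    ka->timeout_ms = timeout_ms;
    ka->max_missed = max_missed;
}

/* Any datagram from the peer (application data or a pong) proves liveness. */
void ka_on_rx(keepalive_t *ka, uint64_t now_ms)
{
    ka->last_rx_ms = now_ms;
    ka->missed = 0;
    ka->ping_outstanding = 0;
}

/* Called from the application's timer; tells the caller what to do now. */
ka_action_t ka_tick(keepalive_t *ka, uint64_t now_ms)
{
    if (ka->ping_outstanding) {
        if (now_ms - ka->last_ping_ms < ka->timeout_ms)
            return KA_IDLE;                 /* still waiting for the reply */
        ka->ping_outstanding = 0;
        if (++ka->missed >= ka->max_missed)
            return KA_PEER_DEAD;            /* caller tears the session down */
    } else if (now_ms - ka->last_rx_ms < ka->interval_ms) {
        return KA_IDLE;                     /* link busy enough, no probe needed */
    }
    ka->last_ping_ms = now_ms;
    ka->ping_outstanding = 1;
    return KA_SEND_PING;
}

/* Build a ping or pong. Returns bytes written, or -1 if it does not fit. */
int ka_encode(uint8_t *out, size_t out_len, uint8_t type,
              const uint8_t *payload, uint16_t plen)
{
    if (plen > KA_MAX_PAYLOAD || out_len < KA_HDR_LEN + (size_t)plen)
        return -1;
    out[0] = type;
    out[1] = (uint8_t)(plen >> 8);
    out[2] = (uint8_t)plen;
    if (plen) memcpy(out + KA_HDR_LEN, payload, plen);
    return KA_HDR_LEN + plen;
}

/* Parse a received frame. The claimed length is checked against the bytes
 * that actually arrived before the payload is used. Returns payload length,
 * or -1 for a short, oversized, lying or unknown frame (which is dropped). */
int ka_decode(const uint8_t *in, size_t in_len, uint8_t *type,
              const uint8_t **payload)
{
    if (in_len < KA_HDR_LEN) return -1;
    uint16_t claimed = (uint16_t)((in[1] << 8) | in[2]);
    if (claimed > KA_MAX_PAYLOAD || claimed > in_len - KA_HDR_LEN) return -1;
    if (in[0] != KA_PING && in[0] != KA_PONG) return -1;
    *type = in[0];
    *payload = in + KA_HDR_LEN;
    return claimed;
}

/* Constructed timeline: the peer answers the first probe at 6500 ms, then
 * goes silent. Returns the time (ms) at which it is declared dead. */
uint64_t ka_run_scenario(void)
{
    keepalive_t ka;
    ka_init(&ka, 0, 5000, 2000, 3);     /* probe after 5 s idle, 2 s wait, 3 misses */
    for (uint64_t t = 0; ; t += 500) {
        if (t == 6500) ka_on_rx(&ka, t);   /* pong to the probe sent at 5000 ms */
        if (ka_tick(&ka, t) == KA_PEER_DEAD) return t;
    }
}

int main(void)
{
    uint8_t buf[KA_HDR_LEN + KA_MAX_PAYLOAD], type;
    const uint8_t seq[] = { 0x00, 0x2a };                 /* constructed sequence number */
    const uint8_t bogus[] = { KA_PING, 0xff, 0xff, 'x' }; /* claims 65535 bytes, carries 1 */
    const uint8_t *p;
    int n = ka_encode(buf, sizeof buf, KA_PING, seq, sizeof seq);
    printf("ping: %d bytes on the wire, decoded payload length %d\n",
           n, ka_decode(buf, (size_t)n, &type, &p));
    printf("lying frame: %d\n", ka_decode(bogus, sizeof bogus, &type, &p));
    printf("peer declared dead at %llu ms\n", (unsigned long long)ka_run_scenario());
    return 0;
}
```

The two tunables that matter are `interval_ms`, which should be shorter than any NAT or firewall idle timeout on the path, and `max_missed * timeout_ms`, which bounds how long a dead peer holds a session open. Because DTLS does not retransmit application data, the state machine resends the probe itself after each timeout rather than trusting a single lost datagram.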